As part of its broader digital strategy, the European Commission has articulated a data strategy. Its aim is to help grow “the use of, and demand for, data and data-enabled products and services throughout the Single Market”.Footnote 1 In the eyes of the EC, promoting wider availability and use of data would stimulate not just “greater productivity and competitive markets, but also improvements in health and well-being, environment, transparent governance and convenient public services”.Footnote 2 That is quite a shopping list. The data strategy has ramifications for intellectual property law, especially for the sui generis database right enshrined in the 1996 Database Directive.Footnote 3

1 The Open Data Directive

Two key legislative instruments that operationalise the data strategy are the 2019 Open Data Directive and the proposed regulation on European data governance (Data Governance Act).Footnote 4 The Open Data Directive is the latest and most ambitious iteration of the 2003 Public Sector Information Directive. In a nutshell, it mandates that data held by public sector bodies must be made available for commercial and non-commercial re-use, with as few strings attached as possible. This is because the Directive recognises exceptions, and crucially, only applies to data that is already publicly accessible on the basis of national or EU access regimes, e.g. under laws on public registers or freedom of information acts. Important too is that information or data in which third parties hold intellectual property rights are exempt. By contrast, public sector bodies that own sui generis database rights are no longer allowed to exercise these – the Directive now makes this explicit. It does not do so for copyright (and neighbouring rights) owned by the public sector, but it follows from the obligation to allow re-use that severe limits are placed on public sector bodies’ freedom to exercise these. Another new feature is that the EC can designate certain data sets as “high value” so that these can be made maximally available for free. Research data from universities is now also covered by the Directive (albeit under a slightly different re-use regime), but collections of, e.g. public service broadcasters and public cultural institutes like museums remain excluded. The Open Data Directive must be implemented by July 2021.

2 The Proposed Data Governance Act

The proposed Data Governance Act seeks to extend the principles of the Open Data Directive to a wider range of data, which is held by public authorities but subject to third-party intellectual property rights, to commercial or statistical confidentiality, or data protection restraints. Not surprisingly, it is less prescriptive than its big brother. It does not oblige public sector bodies to allow re-use, but those that do must adhere to a number of principles. These are reminiscent of the principles laid down in the original Public Sector Information Directive of 2003, which were less strict than those of its successors. Exclusive licensing arrangements are to be avoided, and if they can’t be, they must be of limited duration (three years). Where public sector re-use is limited to certain types of uses, the conditions of each of these uses must be non-discriminatory, proportionate and objectively justified. The charging of fees is allowed, but these must be based on the costs of processing re-use requests. As is the case in the Open Data Directive, a public sector body would be barred from exercising sui generis database rights to limit re-use. Of course, the public sector cannot allow re-use of data in which third parties own intellectual property without first securing the necessary permissions. The Data Governance Act does not propose rights on access to data, although we might see those as part of a prospective Data Act expected later in 2021.

3 The End of the Database Directive as We Know It?

So, as the Database Directive celebrates its 25th anniversary this year, has its dismantling begun in earnest? The shared history of the Directives is not well known. Conceived in 2003, the Public Sector Information Directive was spawned by the failure of the 1989 Commission Guidelines for improving the synergy between public and private sectors in the information market. Those non-binding guidelines asked Member States to ensure that commercial providers of information products and services would have more opportunities to exploit public sector information. The fledgling European database industry would benefit, for example, in the field of legal information.

With the Synergy Guidelines, the Commission also sought to rein in public organisations that – under pressure from new public management models and funding cuts – discovered money was to be made by branching out beyond their public tasks, into selling, e.g. company information, meteorological, traffic and statistical data at market prices. Those familiar with the history of the Database Directive may recall that in the early stages of policymaking – following the 1988 Green paper on copyright and the challenge of technology – there were proposals to exclude databases produced in the exercise of public tasks from protection, or to at least subject sole-source databases to compulsive licensing schemes. Those policy choices were not made. As a consequence, the Database Directive does not distinguish between private sector and public sector databases, and this despite the fact that in most if not all cases databases created by public sector bodies are the (by)product of the exercise of public tasks to which the incentive logic that is supposed to justify sui generis rights does not apply.

So, where it was apparent already decades ago that the database right and the stimulation of promotion of public sector-based data services make uneasy bedfellows, it took until now for public sector database rights to be effectively pushed out. Since the Database Directive is currently under review, this would seem a good moment for the European Commission to revisit the protection of public sector databases and propose changes. There is an additional reason for getting database rights sorted.

A novel feature in the proposed Data Governance Act is that in order to regulate data flows between EU countries and third countries, the EC can take “adequacy decisions” of the kind familiar – and highly contentious – from data protection law. Article 5(9) of the proposal grants the Commission powers to adopt implementing acts “declaring that the legal, supervisory and enforcement arrangements of a third country: (a) ensure protection of intellectual property and trade secrets in a way that is essentially equivalent to the protection ensured under Union law; (b) are being effectively applied and enforced; and (c) provide effective judicial redress”.

Much more can be said about the proposed Data Governance Act, but the one thing to flag here is that it seems to me it will be a real challenge to reach adequacy decisions on third-country intellectual property systems. Bear in mind that the EU itself has no harmonised rules on copyright and neighbouring rights for information held by the public sector. If in the EU we do not even have a common understanding of if and when certain information should be excluded from copyright, or be treated differently because it is publicly funded, or produced for the purposes of public tasks, what then is the yardstick against which the regimes of other countries are to be measured? Consider also that the Berne Convention for the Protection of Literary and Artistic Works says no more than that it is up to union members to decide on the copyright status of government works, and that the provision predates the modern data driven state. It therefore gives hardly any guidance. Obviously the proposed adequacy mechanism is also – perhaps predominantly so – meant to protect third-party intellectual property. If a recipient of data means to transfer it to a third country, the idea is that the adequacy system will reduce the risk that data becomes unprotected in case it leaks away, in breach of licensing terms. But clarity on the right status of public sector data is important too, if only because in countries like the US sui generis database protection does not exist, and there is no copyright in (federal) government works. In light of all these developments, I suggest the European Commission grabs the bull by its horns and embarks on its next harmonisation project, thus adding one more missing link in the copyright and neighbouring rights acquis.