The CJEU has ruled that database owners whose databases are not protected by copyright or the sui generis database right may rely on contractual terms and conditions to restrict access to and exploitation of their data. As a result, it will be particularly important for owners of online databases that do not qualify for IP protection to obtain advice on how best to protect their data contractually in the countries in which they do business. Businesses who currently scrape data should take a good look at the small print of the terms applying to the websites they are scraping from.
In the latest instalment in Ryanair’s bid to prevent ‘scraping’ of its data by price comparison websites, the CJEU has held on a reference for a prelimary ruling from The Netherlands that the provisions of the Database Directive (96/9/EC) which establish mandatory rights for lawful users of databases, are not applicable to a database which is protected by neither copyright nor the sui generis right, and so do not prevent the adoption of contractual clauses concerning the conditions of use of such a database.
Ryanair appealed the decision to the Supreme Court of The Netherlands, which stayed the proceedings and referred the following question to the CJEU:
“Does the operation of the [Database Directive] also extend to online databases which are not protected by copyright… and also not by a sui generis right…, in the sense that the freedom to use such databases through the (whether or not analogous) application of Article(s) 6(1) and 8 in conjunction with Article 15 [of the directive] may not be limited contractually?“.
As explained above, the CJEU held that the Directive only applies to databases protected by copyright or the sui generis right and that the owner of a publically accessible database is free to determine by contract and in compliance with the applicable national law the conditions of use of its database. The same is not true for a database protected by copyright or the sui generis right, because of a number of provisions in the Directive (Articles 6(1), 8 and 15) which operate to prohibit certain contractual limitations on the use of a database.
It has been left to the Supreme Court of The Netherlands to determine whether the contractual provisions prohibiting commercial use of data will be binding on PR Aviation under Dutch law. However, it would seem likely that Ryanair will be allowed to prevent PR Aviation – and other companies like it – from scraping its data, pursuant to its contractual terms. As contract law is generally not harmonised across Europe, it could well be that the question as to whether a database is effectively protected contractually will vary between EU countries. It is therefore important for database owners who make their databases generally available to the public online to understand local contract laws and ensure they have a robust means of establishing that a binding contract is in place. Ryanair’s approach of requiring a tick box to accept clearly worded terms is certainly a good start, but may not be effective in all countries. It will also be important for such database owners to take technological measures to prevent access by people who have not accepted the terms and conditions.
It is an interesting result that there will be a significant category of databases which are eligible for potentially more extensive contractual protection, as a result of them being denied copyright or sui generis database right protection.