The CJEU has ruled that database owners whose databases are not protected by copyright or the sui generis database right may rely on contractual terms and conditions to restrict access to and exploitation of their data.  As a result, it will be particularly important for owners of online databases that do not qualify for IP protection to obtain advice on how best to protect their data contractually in the countries in which they do business.  Businesses who currently scrape data should take a good look at the small print of the terms applying to the websites they are scraping from.

In the latest instalment in Ryanair’s bid to prevent ‘scraping’ of its data by price comparison websites, the CJEU has held on a reference for a prelimary ruling from The Netherlands that the provisions of the Database Directive (96/9/EC) which establish mandatory rights for lawful users of databases, are not applicable to a database which is protected by neither copyright nor the sui generis right, and so do not prevent the adoption of contractual clauses concerning the conditions of use of such a database.

The defendant, PR Aviation, operates a website on which consumers can search through the flight data of low-cost air companies, compare prices and (on paying a commission to PR Aviation) book flights.  It obtains the necessary data to respond to an individual query by automated means, including from a dataset linked to the Ryanair website also accessible to consumers.  The Terms of Use of the Ryanair website provide that “Ryanair.com is the only website authorised to sell Ryanair flights.  Ryanair does not authorise other websites to sell its flights…” and further that“The use of automated systems or software to extract data … for commercial purposes, (‘screen scraping’) is prohibited unless the third party has directly concluded a written licence agreement with Ryanair in which permits it access to Ryanair’s price, flight and timetable information for the sole purposes of price comparison.”

In the domestic proceedings, Ryanair claimed at first instance that PR Aviation had infringed its copyright and database right relating to its data set and that it had acted contrary to the Terms of Use.  On 28 July 2010, the lower court Rechtbank Utrecht dismissed Ryanair’s claim in so far as it was based on an infringement of sui generis database right, but accepted that PR Aviation had infringed Ryanair’s copyright in the ‘written materials’ that formed the database.  On appeal by both parties, the Amsterdam Court of Appeal set aside the judgment of the Rechtbank Utrecht, and dismissed Ryanair’s cross appeal. The Court of Appeal held that even if the digital information made public by Ryanair was covered by the protection of written materials under Dutch copyright legislation, PR Aviation’s conduct corresponded to normal and therefore legitimate use of the Ryanair website, which was not affected by the prohibition in the Terms of Use.  In relation to the sui generis right, the Court of Appeal held that Ryanair had not established the necessary ‘substantial investment’ in seeking out materials and collecting them in its database.  Rather, the contents of the database – flight times, schedules and prices – were generated (i.e. created) by Ryanair itself.

Ryanair appealed the decision to the Supreme Court of The Netherlands, which stayed the proceedings and referred the following question to the CJEU:

Does the operation of the [Database Directive] also extend to online databases which are not protected by copyright… and also not by a sui generis right…, in the sense that the freedom to use such databases through the (whether or not analogous) application of Article(s) 6(1) and 8 in conjunction with Article 15 [of the directive] may not be limited contractually?“.

As explained above, the CJEU held that the Directive only applies to databases protected by copyright or the sui generis right and that the owner of a publically accessible database is free to determine by contract and in compliance with the applicable national law the conditions of use of its database.  The same is not true for a database protected by copyright or the sui generis right, because of a number of provisions in the Directive (Articles 6(1), 8 and 15) which operate to prohibit certain contractual limitations on the use of a database.

It has been left to the Supreme Court of The Netherlands to determine whether the contractual provisions prohibiting commercial use of data will be binding on PR Aviation under Dutch law.  However, it would seem likely that Ryanair will be allowed to prevent PR Aviation – and other companies like it – from scraping its data, pursuant to its contractual terms.  As contract law is generally not harmonised across Europe, it could well be that the question as to whether a database is effectively protected contractually will vary between EU countries.  It is therefore important for database owners who make their databases generally available to the public online to understand local contract laws and ensure they have a robust means of establishing that a binding contract is in place.  Ryanair’s approach of requiring a tick box to accept clearly worded terms is certainly a good start, but may not be effective in all countries.  It will also be important for such database owners to take technological measures to prevent access by people who have not accepted the terms and conditions.

It is an interesting result that there will be a significant category of databases which are eligible for potentially more extensive contractual protection, as a result of them being denied copyright or sui generis database right protection.