All questions

Intellectual property and data protection

i Copyright protection of software

Digital data and material will usually be one of the key assets of fintech companies. Therefore, it is important to outline the legal scope for the protection of these assets.

There have been debates on whether computer programs (software) are protected as a copyright or patent right. In the EU, the copyright model has been the legal approach for dealing with this situation. In that sense, computer programs are protectable by copyright as literary works if they express the intellectual creation of an author.51 In that regard, the source code and object code of the software are protected by copyright.

Copyright protection extends to any element of expression of the creativity of a work's author, but not to the ideas behind it or the procedures, methods of operation or mathematical concepts as such. Therefore, an algorithm will not be protected by copyright. The main legal argument for this conclusion is that it is a factual concept and not an expression of the intellectual creativity of its author.

If an employee of a fintech company develops software during the performance of his or her work or according to the employer's instructions, the copyright will automatically be granted to the employer.52 This rule applies only to 'employees'. Consequently, consultants and software developers entering into a separate agreement with the company will attract the copyright as creators of the work. Therefore, it is important to manage the rights to the software in the contract under which it is developed.

ii Patent protection of software

The European Patent Convention and the Danish Patent Act excludes software from patentability if a patent application relates to a computer program 'as such'. It is therefore necessary to distinguish between 'software patents' that are excluded and 'computer-implemented inventions' that constitute accepted patentable subject matter.

In this respect, patent protection can be granted to inventions that involve the use of a computer, a computer network or other features realised by means of a computer program. Therefore, patentability is not denied on the sole basis that a computer program is involved. The decisive factor for patent protection of software is that the invention must contain or possess a technical character. This technical character must be present in all variants covered by the patent claim.

iii Database protection

Certain fintech business models have an interest in protecting the database they created. Protection can be obtained either as copyright protection or the unique sui generis protection offered by the Directive on the legal protection of databases.53 The latter protection type is, seemingly, easiest to access, as it only requires a substantial investment (qualitative or quantitative) in obtaining, verifying or presenting the data.

The copyright protection demands that the selection or arrangement of the contents of the database must constitute the author's own intellectual creation. Hence, protection will only apply to the selection and arrangement or structure of the material contained in the database and not the data itself.

The sui generis right on the other hand does not protect the structure or arrangement of the database but protects its contents. Thus, if a company is protected by the sui generis right, it has the right to prohibit any acts of extraction or reutilisation of the whole, or a substantial part, of the contents of a database.


Providers of financial services in Denmark are subject to the EU GDPR and the Danish Data Protection Act.54 It is necessary for fintech companies to ensure that personal data is processed lawfully in the light of the data protection rules.

As an example, companies must gather information about: their customers in accordance with the AML Act and the Crowdfunding Regulation; and their investors pursuant to the suitability test carried out by MiFID companies. When companies gather this information, obligations under the GDPR regime are triggered and the companies must comply with these rules to avoid any sanctions.