In view of the explosion in the amount of data created, collected, exchanged or used, AIPPI – the first international association dedicated to the development and improvement of laws for the protection of intellectual property – has carried out a vast study on the protection of non-personal data, public data, health data and databases.
AIPPI has invited national groups to present the relevant provisions applicable in their countries as well as to explore the need for harmonization of the protection at the international level.
The protection by legislation and policy issues relating to personal data was specifically excluded from the scope of the study.
3.1. The very comprehensive report of the French group first of all reminds us that the data itself is not subject to a property right but may be subject to an intellectual property right in specific cases (e.g. by copyright if it contains intellectual works and/or by the sui generis right of the database producer if it constitutes a qualitatively substantial part of a database). However, other regimes allow for data protection, provided that certain conditions are met, such as:
For the French group, this "arsenal" of protection regimes appears sufficient, even if there is always the risk that an economic operator may reserve control of certain essential data affecting competition (in particular via the trade secret regime or contractual provisions). Consequently, the envisaged improvement would be to provide for exemptions from access to data and their processing for purposes of public interest (e.g. public health, scientific or historical research, security).
3.2. Regarding databases, the French group points out that their structure may be protected by copyright (subject to originality) and that their content is protected by the sui generis database right, provided that the conditions are met. The other protection regimes mentioned above (trade secrets, unfair competition, criminal law, contract law) may also apply, completed by specific regulations as the case may be, such as, for instance, regulations on online gambling and gaming.
For the French group however, the sui generis database right is subject to inherent limitations that make it inadequate for the protection of “mere” data.
Article 7 of Directive 96/9/EC on the legal protection of databases provides that the maker (or "producer" under French law) of a database has the right “to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database”, where “there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents”.
However, in 2004, the European Court of Justice (EUCJ) ruled that « the expression ‘investment in … the obtaining … of the contents’ of a database as defined in Article 7(1) of the directive must be understood to refer to the resources used to seek out existing independent materials and collect them in the database. It does not cover the resources used for the creation of materials which make up the contents of a database ».
In so doing, the CJEU has narrowed the scope of this protection by limiting it to pre-existing data "obtained" only, to the exclusion of data "created". Such an approach has a huge impact on the data economy by excluding from protection the so-called "spin-off" databases, i.e. those which are the sole result of a main activity, such as data generated by sensors, data produced by machines, by Internet of Things devices, mega-data or data resulting from artificial intelligence. The sui generis right thus only applies to databases that contain data from existing materials.
The French group therefore suggests that the sui generis right should also take into account the substantial investment devoted to the production of data (and not only to the collection and verification of data under the existing regime).
3.3. Finally, the French group draws up a detailed inventory of two specific regimes: on the one hand, the regime for public documents and the public data they contain, and on the other hand, the regime for health data in its various definitions under French law.
The French group reiterates the specific conditions of accessibility of these types of data, stating that a clarification of the derogations to the access and processing of health data would be recommended.
To conclude, given the very wide range of protection regimes applicable to non-personal data and databases, experts should be consulted on a case-by-case basis, when a question of protection arises.
August Debouzy's Media Technologies Intellectual Property department is at your disposal for this purpose.
 International Association for the Protection of Intellectual Property
 31 national groups participated. These countries are the following: Argentina, Australia, Azerbaijan, Belgium, Brazil, Bulgaria, Canada, Chile, China, Croatia, Ecuador, Finland, France, Germany, Hungary, India, Indonesia, Italy, Japan, Malaysia, Mexico, Paraguay, Philippines, Poland, Spain, Switzerland, Netherlands, United Kingdom, USA, Taiwan, Turkey.
 Personal data is defined as « any information relating to an identified or identifiable natural person » cf. Article 4 (1) of the GDPR: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679
 The term "public data" generally refers to information produced or collected by public authorities (State, local authorities, administrative authorities, etc.) as part of their public service activities.
 to access national reports enter the key words “IP rights in data” in the AIPPI research engine on https://aippi.soutron.net/Portal/Default/en-GB/Search/SimpleSearch
 Link to the very instructive synthesis prepared by the rapporteurs: https://aippi.soutron.net/Portal/DownloadImageFile.ashx?objectId=8481
 See the national reports, including the French group's report and AIPPI's recommendations, available at the following link: https://www.aippi.fr/fr/travaux-scientifiques/questions-etudiees/theme-6-congres-de-geneve-2004
 Link to the report of the French group: https://aippi.soutron.net/Portal/DownloadImageFile.ashx?objectId=8395
 See judgments of the CJEU of Nov. 9, 2004 in the cases : C-46/02, Fixtures Marketing Ltd v. Oy Veikkaus (http://curia.europa.eu/juris/liste.jsf?language=fr&num=C-46/02) ; C-338/02, Fixtures Marketing Ltd v. Svenska Spel Ab (http://curia.europa.eu/juris/liste.jsf?language=fr&num=C-338/02) ; C-203/02, British Horseracing Board Ltd v. William Hill (http://curia.europa.eu/juris/liste.jsf?num=C-203/02) ; C-444/02, Fixtures Marketing Ltd v. OPAP (http://curia.europa.eu/juris/liste.jsf?language=fr&num=C-444/02).
 For an application of this solution by the French courts, see Civ. 1, 5 March 2009, pourvois 07-19.734 and 07-19.735; CA Paris, 20 December 2013, RG n°12/20260.
 See Evaluation of Directive 96/9/EC on the legal protection of databases, SWD (2018) 147 final, p. 15 and 24 ; see also Study in support of the evaluation of Directive 96/9/EC on the legal protection of databases.