Many websites incorporate data obtained from other websites. It is sometimes thought that, where the data obtained is not protected by copyright (e.g. data consisting of postal addresses arranged alphabetically) there are no legal problems. This is however a mistake: the collection and re-use of such data can present significant legal risks.
As a matter of English law, the key risks arise under:
- the database right legislation;
- the law of contract; and
- the Computer Misuse Act.
A database is defined in the Copyright Designs and Patents Act 1988 as “a collection of independent works, data or other materials which – (a) are arranged in a systematic or methodical way, and (b) are individually accessible by electronic or other means.” In general terms, databases falling with this definition will be protected by database right if there has been “a substantial investment in obtaining, verifying or presenting the contents of the database.” Database right will be infringed where a person extracts or reutilises all or a substantial part of a protected database without the consent of the database owner.
The law on database right is in a state of flux, and unfortunately the scope of the right is not entirely clear. Nonetheless, it is clear that the harvesting of data from other sites can in some circumstances constitute an infringement of this right.
Law of contract
Computer Misuse Act
The Computer Misuse Act provides for a specific offence in the case of unauthorised access to a computer: “(1) A person is guilty of an offence if— (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorised; and (c) he knows at the time when he causes the computer to perform the function that that is the case. (2) The intent a person has to have to commit an offence under this section need not be directed at— (a) any particular program or data; (b) a program or data of any particular kind; or (c) a program or data held in any particular computer. (3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.“