Canada | Publication | September 29, 2021
How do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property.
Copyright
Original compilations of data are protected by copyright, but whether a compilation of data is “original” is a highly contextual and factual determination. For example, the Federal Court of Appeal recently stated that the well-known “Multiple Listing Service” (MLS) system used for collecting and distributing real estate information merely includes a specific compilation of data from real estate listings and thus amounts to a “mechanical exercise” that cannot be protected as a compilation under the Copyright Act.1 On the other hand, other cases have found that copyright does attach to specific aspects of real estate listings, such as the property descriptions and associated photographs.2
Original compilations are often those where some degree of skill and judgement is involved when compiling the data in question, as opposed to merely re-arranging the data chronologically, for example. Copyright holders also hold “moral rights” in such works that protect the author's association with a creative work and allow the author to preserve its integrity and intent, though such rights, unlike copyright, can only be waived and are not assignable.
Canadian copyright owners enjoy the sole right to produce and reproduce data subject to copyright protection. They can also create derivative works from such data (i.e., derivative data). As we will address further below, particular care should be taken when dealing with derivative data, as derivative data opens the door for both value creation and destruction.
Copyright protection lasts up to 50 years following the death of the author, though that may be extended to 70 years in the next year or so.
Trade Secrets
Data can also be protected by being characterized as a trade secret. To be considered a trade secret, the data in question must: 1) have commercial value; 2) be secret; and 3) be subject to reasonable measures ensuring the data’s secrecy. The protections for trade secrets, which include additional civil and criminal remedies, last indefinitely, so long as the trade secret remains secret. Businesses should be particularly careful in publishing or otherwise disclosing datasets, as the trade secret protection may potentially no longer be claimed.
Patents
Typically, data is not protected through patents since patents can only apply to an actual “invention.” In some fringe cases, however, patents have been awarded to methods pertaining to compilations of data. For example, a US patent was awarded in respect of how a compilation of data was physically stored, since the way it was stored allowed the stored data to be accessed much quicker. Canadian patents last up to 20 years.
The most common form of ensuring your intellectual property rights embodied in your sensitive data are protected in a commercial context remains through the creation of “data rights” within the context of commercial agreements (contracts) with third parties. For example, data licenses allow businesses to share sensitive data with other parties while retaining a comfortable level of control. When licensing your business’ data, consider addressing the following:
However, data licensing raises several unique issues with respect to data ownership and scope of use as well as the treatment of novel, derived or usage data and intellectual property rights that can come into existence through an arrangement or application of such data, which can’t always be reliably anticipated and fully covered in such an agreement. Further complexities may arise when a data recipient co-mingles the licensed data with its own (or data from third parties) to form new IP and structures in which case the weight of the licensed data into the resulting asset is not always clear.
Derivative Data
It is important to clearly define what is and is not derivative data, as well as determining who owns, and who has rights to, the derivative data. This is because derivative data by its definition contains some resemblance to that data it was derived from: your business data. An ill-considered derivative data provision could erode your business’ rights or control over its data by allowing another party to have exclusive rights and controls over a similar, and potentially better, set of data. For example, if broad derivative use rights are granted, you may inadvertently give away to a third party the right to use your data as a launching pad for further innovation which that party can then claim rights to, eroding your own IP portfolio growth in the process.
In the next publication, we will further discuss and provide practical considerations that all businesses transacting with data should know when entering into agreements with third parties with respect to such derived and derivative data, including important privacy and cyber-security concerns.
Publication
The Canadian Federal Budget 2024 proposes to broaden the scope of certain powers allowing CRA to request information from taxpayers, and sets out new consequences for non-compliant taxpayers.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023
