Internet Data Collection Risks

Tomáš Nielsen, Tomáš Strakatý, epravo.cz

As noted by the professional public, today’s world is oversaturated with information published on the Internet – new data aggregators searching for the right data in the “network of networks” are launched to the market almost every month, the demand for data collection services is on the increase and so is the number of data analysis services processing the automatically collected data published on the Internet.

Yet, the internet data collection itself is not risk-free. Companies wishing to provide the related services are first to check thoroughly if the laws regulating the use of publicly available information cannot get violated by the intended activities. Although relatively easy to provide and undemanding in terms of required technology, the data collection services may intrude on the rights of others and cause unexpected difficulties in the form of forced termination of activities, compensation for damage, etc.

Generally speaking, the risk of unauthorised violation of copyright needs to be considered; as well as the fact that the violation of copyright includes also circumstances other than “mere” copying of a copyrighted work. The Copyright Act protects also makers of a database, that is, entities that create, whether on their own or in concert with other suppliers: “a collection of independent works, data or other material arranged in a systematic or methodical way and individually accessible by electronic or other means irrespective of the form of their expression”; and prohibits other entities from extracting the data from databases without prior consent of the respective database makers (even in cases of a repeated and systematic extraction or re-utilisation of insubstantial parts of the content of the database).

The data collection process itself may face also other issues; including a breach of acts, measures and rules regulating the protection of personal data (Personal Data Protection Act, Information Society Services Act and other acts and regulations governing the protection of such data). Storing and using the personal data for further purposes undoubtedly qualifies for personal data processing under the Personal Data Protection Act and as such is subject to strict regulation.

A few years ago, the extraction of third party data received yet another dimension. In a dispute between a publisher of a periodical (and simultaneously a news portal operator) and a media monitoring service provider (providing its clients, incl. state authorities, with a list of articles distributed for a fee in the form of hypertext links) over the use of deep links (hypertexts linking to a specific, generally searchable or indexed, piece of web content on a website), the competent Danish court sided with the publisher claiming a breach of good morals rather than a breach of copyright. Simply pointing out to an unfair competition, the provider claimed that the articles (or rather the wages and salaries of journalists as well as other operating costs) were financed from advertising published on the publisher’s home page and that the deep links were directing the users to the pages with the articles in question rather than to the provider’s web page and hence allowed the media monitoring service provider to generate profit at the publisher’s cost and subject to no compensation offered to the publisher.

It should be noted that a breach of copyright, competition rules and/or personal data protection measures needs not necessarily to result only in the compensation for damage or abandonment of activities but can as well be qualified as a crime. The importance of the foregoing is thus not worth underestimating.

The use of data published on certain web pages and/or by certain data providers is additionally protected also by special regulations. Such as the land cadastre data – freely available to the public, these can be extracted and re-utilised only for the purposes stipulated by law, namely by Section 53 of the Land Cadastre Act; and distributed only with previous consent of the Czech Office for Surveying, Mapping and Cadastre and on the conditions stipulated by the implementing statutes (and subject to a penalty of up to CZK 200,000 for individual breach thereof). Another example of the foregoing is the new Consumer Loan Act taking effect on 1 December 2016 stipulating only a fine line between loan brokers (subject to strict regulation) and mere aggregators of offers by lending institutions.

Representing one of the most recent trends, the process of data aggregation and analytic processing is to be handled consciously – the type of data to be processed as well as the data resources and applicable regulations must be thoroughly identified before the data collection services are offered; otherwise, the service providers may be fined or even prosecuted.

Tomáš Nielsen

Tomáš Strakatý

(The authors are lawyers practising at NIELSEN MEINL, attorneys-at-law)

 

Published on EPRAVO.CZ portal

http://www.epravo.cz/top/clanky/sber-dat-na-internetu-neni-bez-rizika-103413.html