Garrigues Digital_

Legal innovation in Industry 4.0




How to protect algorithms and big data in the digital economy

Jaime Fanego, senior associate at Garrigues Corporate Law Department.

In the age of the digital economy, both the methods for analyzing and processing the big data and the knowledge acquired by the use of these methods have become real assets for companies.  In this context, there are legal ways to protect algorithms and databases as intangible assets, but this requires a pro-active attitude from the entrepreneur in order to prove the secrecy of the algorithm and the investment made to create and maintain the databases.  

The analysis of the information obtained on the internet enables a better understanding of the key issues of a certain business (e.g. consumption patterns on the relevant market, customer needs, etc.) and helps to direct resources in a very efficient and cost-effective approach.  Indeed, the most sophisticated players have already developed data-driven decision-making procedures and employ data analysis for developing corporate strategies.

Therefore, the ability to process and analyze huge amounts of data and the competence to understand them are the basis of many companies' business and their competitive advantage, and especially of many startups that rely on the knowledge acquired by their tools to offer innovative and high value-added services and solutions.

The importance of these intangible implies that their protection is definitively a decisive component for the success and consolidation of these businesses.  Indeed, the disclosure of an algorithm or the open access to the knowledge stored in the databases may jeopardize a business based on the exploitation of these intangibles.     

Thus, how do we legally protect an algorithm and the databases produced by it? 

How do we protect an algorithm?

Though the first alternatives we might think of for their protection are the patent or the copyright, nowadays, both in Spain and in the European Union, it is quite difficult that algorithms -understood as methods, principles or abstract rationales for the analysis and understanding of data- could be protected under such figures. 

The Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2003 on the legal protection of computer programs settles that “ideas and principles which underlie any element of a program, including those which underlie its interfaces, are not protected by copyright and, therefore, to the extent that logic, algorithms and programming languages comprise ideas and principles, those ideas and principles are not protected under this Directive.”  The same approach is followed at domestic level, where the Royal Legislative Decree 1/1996, dated 12th April, enacting the consolidated text of the Intellectual Property Act excludes the protection by copyright of “ideas and principles underlying any of the elements of a computer program, including those underlying its interfaces.”

With regard to patents, the Convention on the Grant of European Patents of 5 October 1973 stipulates that scientific theories, mathematic methods, “schemes, rules and methods for performing mental acts, playing games or doing business” that do not provide a solution to a technical problem are not patent-eligible.  At a national level, our regulation address it in a similar understanding.

On the other side of the Atlantic, in the US, the scenario after the popular Alice Corporation Pty. Ldtd. V. CLS Bank International case is not that different.  Though it was traditionally a friendlier jurisdiction, the move after Alice case raises the bar on the patentability of algorithms since it concludes that the need of using some computer application is not enough to transform an abstract idea into a patent-eligible invention.  The patentability of the algorithm in the US would require converting that abstract idea into a method with a unique, new and useful purpose that ensures that the patent goes beyond capturing in writing or in a computer program an abstract idea in order to monopolize it.  This thesis certainly adds an extra layer of difficulty.

However, this does not mean that there are no legal means for protecting algorithms and other intangibles that, without falling within the scope of the protection of the patent or the copyright, are of significant value.  Indeed, they do exist, and are certainly effective. 

In this respect, algorithms, as know-how tools, may be protected under Spanish Act 1/2019 of 20 February 2019 on Trade Secrets, which transposes Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against unlawful acquisition, use and disclosure.

For that purpose, the algorithm should be considered as a trade secret, which in accordance with the Trade Secrets Act would require that it shall:

  • Be secret, in the sense that it is not generally known in the sector of its application or by the people belonging to the circles in which it is normally used, nor is it easily accessible to them.
  • Have business value, whether actual or potential, specifically for being secret.  This precisely means that the fact of benefiting from this knowledge and of keeping it secret implies -or may imply- a competitive advantage in the sector in which it is applied.
  • Be (or have been) subject of measures to keep it secret.

Therefore, in order to benefit from the protection conferred by the Trade Secrets Act, it is necessary for the company to adopt a proactive approach to keep the algorithm secret and thus preserve its value and the advantages it confers.  Hence, it shall be key to develop company practices and policies preventing the disclosure of the relevant information.  Some good practices for keeping secrecy safe would be limiting access to relevant information, encrypting files or records that may contain sensible information, developing company policies to regulate access to files or entering into confidentiality agreements with those who may have direct access to particularly sensible information.

Under this regulation, the algorithm as a trade secret shall have a patrimonial nature, shall be subject to ownership rights by its owner, who may be entitled to transfer or grant a license thereto, and any appropriation, disclosure or use made without such owner's consent or in breach of the agreements by which its use or access has been permitted shall be considered a violation of trade secret law and of course an unlawful action.

The civil actions against the violation of trade secrets are in line with those set out in the area of trademarks and patents.  With an open list of actions, which includes the declaration of violation of trade secret and the action for cessation of the violating behavior, together with other remedies, such as the prohibition to continue with the infringing conducts, the return of the supports containing the trade secret and, if applicable, their destruction, the publication of the ruling and the compensation of damages -which would include economic and moral prejudices-, the Trade Secret Act has actually developed a pretty severe protection regime.

In addition, actions for unfair competition, that could be also applied, and the criminal implications that may arise from the violation of trade secrets raise the level of protection provided by the Trade Secrets Act and, considered all together, it definitely constitutes a very dissuasive legal framework.

How do we protect the databases produced by the implementation of the algorithm?

The knowledge and data collected are, indeed, together with the algorithm designed to process the big data, another important intangible asset that also deserves protection.

In this case, both the Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases and the Royal Legislative Decree 1/1996, dated 12th April, enacting the consolidated text of the Intellectual Property Act, provide a framework of protection for the exploitation of databases under the so-called sui generis right, as well as under copyright. 

We will focus on the first -sui generis right- since copyright protects the singularity of the format, structure or configuration of the database, but not its exploitation and the access to its content, which is the subject of the sui generis right and which normally constitutes the most substantial part of the asset.

Sui generis protection entails a sort of exclusivity for the database producer to exploit and use the database with the information obtained, which at the end of the day results in the possibility for the producer to prohibit the extraction and/or re-utilization of all or a substantial part of the contents of the database.  In the view of the Court of Justice of the European Union, the sui generis right is ultimately intended “to safeguard the results of the financial and professional investment made in obtaining and collection of the contents' of a database”, so that the entire database or a substantial part of it is protected against certain actions from third parties or competitors.

Accordingly, in order to benefit from the protection conferred by the sui generis right, it is essential to prove the existence of an investment both for the constitution of the database and for its functioning.  This investment, as pointed out by the Court of Justice of the European Union “may consist in the deployment of human, financial or technical resources but it must be substantial in quantitative or qualitative terms. The quantitative assessment refers to quantifiable resources and the qualitative assessment to efforts which cannot be quantified, such as intellectual effort or energy.”  It will thus be essential that those who intend to benefit from the sui generis right register and collect all resources -financial, technical or human-, so that the investment in the generation and maintenance of the database can be duly proven.

As for the duration of the sui generis right, it covers a period of fifteen years from its creation, which may be increased by a period of the same duration for any substantial amendments made to it.

As in the case of trade secrets, the actions for violation of the sui generis right include, among others, those of cessation and prohibition to continue with the infringing conduct as well as those of return, destruction or disablement of the illegally obtained supports, all of this together with the compensation of the damages and prejudices caused.  Furthermore, insofar as the sui generis right does not exclude the application of other protective measures that might be applicable -the database could be also considered as a trade secret and its use by third parties an act of unfair competition- the actions inherent to such figures could also be applicable.

In conclusion, there are legal mechanisms for the protection of algorithms and databases as intangible assets, but both of them -the trade secret and the sui generis right- require a pro-active attitude from the entrepreneur to justify the secret nature of the algorithm and the investment made in creating and maintaining the database it has produced, since the evidence of these two elements will make it possible to benefit from the legal protection afforded by our legal system.