The Interface Between Data Protection and IP Law: The Case of Trade Secrets and the Database sui generis Right in Marketing Operations, and the Ownership of Raw Data in Big Data Analysis

  • Francesco Banterle
Part of the MPI Studies on Intellectual Property and Competition Law book series (MSIP, volume 28)


Data is the new oil. The value of personal data has changed marketing strategies and business models based on data analysis. This article analyses whether sets of personal data collected for commercial exploitation can be the subject matter of intellectual property (IP) rights, specifically trade secrets and the database sui generis right. The first part of the article provides a concise analysis of EU data protection laws and the requirements for processing data for commercial purposes. The second part examines whether lists of customers and profiling data can be protected as business information under the EU trade secret law, also recalling Italian case-law experience (Italy is a unique example, where trade secrets constitute full IP rights). The third part analyses whether a database consisting of personal data processed for marketing and profiling purposes can benefit from the database sui generis right regime. The last part of the article investigates the case of data ownership in the context of big data, particularly in relation to cloud platforms. This part elaborates the ownership regime set out by the intersection between data protection and intellectual property laws. Finally, the article asks which ownership regime is applicable to raw data that are not subject to privacy or intellectual property rights, in particular, whether raw data can be subject to a general property right.


Data protection Privacy Intellectual property Trade secrets Database sui generis right Big data IoT Data ownership 


  1. Aplin, T. (2014), A Critical Evaluation of the Proposed EU Trade Secrets Directive, King’s College London Law School Research Paper No. 2014-25, available at:
  2. Aplin, T. (2015), Right to Property and Trade Secrets, in: C. Geiger (Ed.), Research Handbook on Human Rights and Intellectual Property, Edward Elgar 421-437 (also available at:
  3. Article 29 Working Party (2007), Opinion No 4/2007 on the concept of personal data, 01248/07/EN WP 136Google Scholar
  4. Article 29 Working Party (2010a), Opinion 2/2010 on online behavioural advertising, 00909/10/EN WP 171Google Scholar
  5. Article 29 Working Party (2010b), Opinion 1/2010 on the concepts of “controller” and “processor”, 00264/10/EN WP 169Google Scholar
  6. Article 29 Working Party (2012), Opinion 5/2012 on Cloud Computing, 01037/12/EN WP 196Google Scholar
  7. Article 29 Working Party (2013a), Opinion 03/2013 on purpose limitation, 00569/13/EN WP 203Google Scholar
  8. Article 29 Working Party (2013b), Advice paper on essential elements of a definition and provision of profiling within the EU General Data Protection Regulation, available at:
  9. Article 29 Working Party (2014a), Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, 844/14/EN WP217Google Scholar
  10. Article 29 Working Party (2014b), Opinion 5/2014 on Anonymisation Techniques, 0829/14/EN WP216Google Scholar
  11. Article 29 Working Party (2015), Opinion 02/2015 on C-SIG Code of Conduct on Cloud Computing, 2588/15/EN WP 232Google Scholar
  12. Article 29 Working Party (2016), Opinion 03/2016 on the evaluation and review of the ePrivacy Directive (2002/58/EC), 16/EN WP 240Google Scholar
  13. Baker & McKenzie (2013), Study on Trade Secrets and Confidential Business Information in the Internal Market, study prepared for the European Commission, Publication Office of the European Union, available at:
  14. Bambauer, J.R. (2014), Is Data Speech?, 66 Stanford Law Review 57 (also available at:
  15. Banterle, F. (2016), Personal data processing for marketing purpose under the new GDPR: consent v legitimate interest and Recital 47 – first thoughts,, available at:
  16. Bently, L. (2013), Trade Secrets: “Intellectual Property” But Not “Property”?, in: H.R. Howe / J. Griffiths (Eds.), Concepts of Property in Intellectual Property Law, CUP, 60-93Google Scholar
  17. Bertani, M. (2000), Impresa culturale e diritti esclusivi, GiuffrèGoogle Scholar
  18. Bertani, M. (2011), Diritto d’autore europeo, TorinoGoogle Scholar
  19. Bronckers, M. / McNelis, N. (2012), Is the EU obliged to improve the protection of trade secrets? An inquiry into TRIPS, the European Convention on Human Rights and the EU Charter of Fundamental Rights, 34 European Intellectual Property Review 673Google Scholar
  20. Burri, M. / Meitinger, I. (2014), The Protection of Undisclosed Information: Commentary of Article 39 TRIPS, in: T. Cottier / P. Véron (Eds.), Concise International and European IP Law: TRIPS, Paris Convention, European Enforcement and Transfer of Technology, Kluwer Law International (also available at:
  21. Calabresi, G. / Melamed, A.D. (1972), Property Rules, Liability Rules, and Inalienability: One View of the Cathedral, 85 Harvard Law Review 1089CrossRefGoogle Scholar
  22. Cogo, A. (2005), Note to Corte di Giustizia UE 9 novembre 2004, Case C-444/02, Fixture Marketing v. OPAP, 14 AIDA 415Google Scholar
  23. Cogo, A. (2009), Note to Corte di Giustizia UE 9 ottobre 2008, Case C-304/07, Directmedia Publishing GmbH v Albert-Ludwigs-Universität Freiburg, 18 AIDA 374Google Scholar
  24. Colston, C. (2001), Sui Generis Database Right: Ripe for Review?, 3 The Journal of Information, Law and Technology 1361-1369, available at:
  25. Corien, P. (2006), Property and Privacy: European Perspectives and the Commodification of Our Identity, in: P.B. Hugenholtz / L. Guibault (Eds.), The future of the public domain, Kluwer Law International, 223-257 (also available at:
  26. Cormack, A. (2013), Bins, MACs and Privacy Law, 15 August 2013, Jisc community, available at: (last accessed: December 2016)
  27. Davison, M.J. (2003), The Legal Protection of Databases, Cambridge: Cambridge University PressGoogle Scholar
  28. Davison, M.J. / Hugenholtz, P.B. (2005), Football fixtures, horse races and spin-offs: the ECJ domesticates the database right, 27 European Intellectual Property Law Review 113Google Scholar
  29. Derclaye, E. (2005), The European Court of Justice Interprets the Database Sui Generis Right for the First Time, 30 European Law Review 420 (also available at:
  30. Derclaye, E. (2008), The Legal Protection of Databases: A Comparative Analysis, Edward ElgarGoogle Scholar
  31. Esayas, S.Y. (2015), The role of anonymisation and pseudonymisation under the EU data privacy rules: Beyond the ‘all or nothing’ approach, 6(2) European Journal of Law and Technology (also available at:
  32. European Commission (2005), DG Internal Market and Services Working Paper: First evaluation of Directive 96/9/EC on the legal protection of databases, Brussels, 12 December 2005, available at:
  33. European Commission (2012), Evaluation of the Implementation of the Data Protection Directive, Annex 2, available at:
  34. European Commission (2016a), Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination – Final Report, available at:
  35. European Commission (2016b), Synopsis Report On The Contributions To The Public Consultation Regulatory Environment For Data And Cloud Computing, available at:
  36. European Data Protection Supervisor (EDPS) (2012), Opinion on “Unleashing the potential of Cloud Computing in Europe”, available at:
  37. European Data Protection Supervisor (EDPS) (2013), On the proposal for a directive of the European Parliament and of the Council on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, available at:
  38. European Data Protection Supervisor (EDPS) (2014), Report of workshop on Privacy, Consumers, Competition and Big Data 2 June 2014, available at:
  39. European Data Protection Supervisor (EDPS) (2015), Opinion 7/2015 Meeting the challenges of big data, available at:
  40. European Union Agency For Network And Information Security (ENISA) (2015), Big Data Security Good Practices and Recommendations on the Security of Big Data Systems, available at:
  41. Fairfield, J. (2005), Virtual Property, 85 Boston University Law Review 1047 (also available at:
  42. Falce, V. (2009), The (over)protection of information in the knowledge economy. Is the Directive 96/9/EC a faux pas?, 4 Dir. aut. 602-628Google Scholar
  43. Galli, C. (2011), Codice Commentato della proprietà industriale e intellettuale, UtetGoogle Scholar
  44. Ghidini, G. (2015), Profili Evolutivi del diritto Industriale, GiuffrèGoogle Scholar
  45. Guglielmetti, G. (2003a), La tutela del segreto, in: C. Galli (Ed.), Le nuove frontiere del diritto dei brevetti, TorinoGoogle Scholar
  46. Guglielmetti, G. (2003b), Commento all’art. 5, in: P. Auteri (Ed.), Attuazione della Direttiva 96/9 relativa alla tutela giuridica delle banche dati, CEDAMGoogle Scholar
  47. Hugenholtz, P.B. (1998), Implementing the European Database Directive, in: J.J.C. Kabel / G.J.H.M. Mom (Eds.), Intellectual Property And Information Law, Essays In Honour Of Herman Cohen Jehoram, Wolters Kluwer, 183-200Google Scholar
  48. Information Commissioner’s Office (ICO) (2014), Big data and data protection, available at: (last accessed: December 2016)
  49. Koo, A.K.C. (2010), Database Right Decoded, 32 European Intellectual Property Review 313-319Google Scholar
  50. Lavagnini, S. (2016), Sub art. 102-ter l.a., in: L.C. Ubertazzi (Ed.), Commentario Breve alle leggi su Proprietà Intellettuale e Concorrenza, CEDAMGoogle Scholar
  51. Mattioli, M. (2014), Disclosing Big Data, Maurer Faculty Paper, 99 Minnesota Law Review 535 (also available at:
  52. Mysore, D. / Khupat, S. / Jain, S. (2013), Introduction to big data classification and architecture, available at: (last accessed: December 2016)
  53. Pereira Dias Nunes, D. (2015), The European Trade Secrets Directive (ETSD): Nothing New Under the Sun?, Lex Research Topics on Innovation No. 1/2015, available at:
  54. Polonetsky, J. / Tene, O. / Finch, K. (2016), Shades of Gray: Seeing the Full Spectrum of Practical Data De-Identification, 56 Santa Clara L. Rev. 593 (also available at:
  55. Prins, C. (2006), When personal data, behavior and virtual identities become a commodity: Would a property rights approach matter?, 3:4 SCRIPTed 270, available at:
  56. Purtova, N.N. (2011), Property in Personal Data: Second Life of an Old Idea in the Age of Cloud Computing, Chain Informatisation, and Ambient Intelligence, in: S. Gutwirth / Y. Poullet / P. de Hert / R. Leenes (Eds.), Computers, Privacy and Data Protection: an Element of Choice, SpringerGoogle Scholar
  57. Reichman, J.H. (1994), Legal Hybrids Between the Patent and Copyright Paradigms, 94 Columbia Law Review 2432-2558CrossRefGoogle Scholar
  58. Reichman, J.H. / Samuelson, S. (1997), Intellectual Property Rights in Data?, 50 Vand. L. Rev. 49Google Scholar
  59. Resta, G. (2011), Nuovi beni immateriali e numerus clausus dei diritti esclusivi, in: G. Resta (Ed.), Diritti esclusivi e nuovi beni immateriali, UtetGoogle Scholar
  60. Schneider, I. (2015), Big Data, IP, Data Ownership and Privacy: Conceptualising a conundrum, presentation in the themed session “IP Governance, Big Data, Data Ownership and Privacy” at the EPIP Conference “Intellectual Property in the Creative Economy”, Glasgow, UK, 2-3 September 2015, available at:
  61. Schwartz, P.M. (2004), Property, Privacy, and Personal Data, 117 Harv. L. Rev. 2055 (also available at:
  62. Scuffi, M. / Franzosi, M. / Fittante, A. (2005), Il Codice della proprietà industriale, 450, CEDAMGoogle Scholar
  63. Sholtz, P. (2001), Transaction costs and the social costs of online privacy, First Monday 6/5, available at:
  64. Sousa e Silva, N. (2014), What Exactly is a Trade Secret Under the Proposed Directive?, 9 (11) Journal of Intellectual Property Law & Practice 923 (also available at: Scholar
  65. Stamatoudi, I. (2002), To what extent are multimedia works films?, in: F. Dessemontet / R. Gani (Eds.), Creative ideas for intellectual property, The ATRIP Papers 2000 – 2001, CEDIDACGoogle Scholar
  66. Surblytė, G. (2016), Data Mobility at the Intersection of Data, Trade Secret Protection and the Mobility of Employees in the Digital Economy, 65 GRUR Int. 1121; Max Planck Institute for Innovation & Competition Research Paper No. 16-03 (May 13, 2016), available at:
  67. Torremans, P.L.C. (2015), The Road Towards the Harmonisation of Trade Secrets Law in the European Union, 20 Revista La Propiedad Inmaterial 27 (also available at:
  68. Ubertazzi, L.C. (2014), Proprietà intellettuale e privacy, Foro it., 3-16Google Scholar
  69. van Erp, S. (2009), From ‘Classical’ to Modern European Property Law?, in Essays In Honour Of Konstantinos D. Kerameus, Sakkoulas / Bruylant, 1517-1533 (also available at:
  70. Zeno-Zencovich, V. (1989), Cosa, in: Digesto delle discipline privatistiche, Vol. IV, 438, UtetGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Francesco Banterle
    • 1
  1. 1.University of MilanMilanItaly

Personalised recommendations