Michal Koščík

Database authorship and ownership of sui generis database rights in data-driven research

ABSTRACT The research objective of the article is to analyse the rules on authorship and joint authorship of databases, as well as the ownership and joint ownership of database makers’ sui generis rights as provided for in the Directive 96/9/EC on the legal protection of databases (DD) and its selected national implementations, and to identify the underlying problems and discuss solutions how to overcome them contractually. In order to achieve this objective, an analysis of the black-letter law and case law is provided in the second section of the paper. The DD, however, does not provide much guidance when it comes to defining the author (or joint authors) and owner (or joint owners) and leaves a lot of leeway to Member States, as is further analysed in the third section. In the fourth section of the paper, the focus turns to issues of applicable law that determine the author(s) and rights owner(s) in cases where the protectable subject matter was created/produced jointly by multiple entities from various jurisdictions. In the final fifth section of the paper, the appropriate contractual arrangements of jointly owned rights are presented as a possible solution to the legal uncertainty raised by the current black-letter law.

Data protection and codes of conduct in collaborative research

ABSTRACT The article aims to describe the current status quo of codes of conduct applied by research institutions to manage data protection issues in light of the General Data Protection Regulation (GDPR). We assessed whether the current codes of conduct meet the criteria of codes of conduct as defined by Article 40 of the GDPR. We have found that there are very few ‘codes of conduct’ or good practices that would meet the definition set out in Article 40 of the GDPR. We have found that universities and research institutions had neither the incentives nor the resources to create internationally binding codes of conduct and settled for declarative documents or internal guidelines. A good level of compliance with the Data Protection Directive and national laws was adopted even without codes of conduct which would apply beyond a single institution or grant agency. We have identified that the demand and need for binding codes of conduct are increasing, albeit only in specific research fields. The main incentive is international cooperation, the need for the standardization of data protocols, and most likely fear of high sanctions introduced by GDPR.