Database Rights In The UK: What Businesses Need To Know

If your business relies on data - customer lists, product catalogues, property listings, price histories, research datasets, or a unique directory - you likely have a valuable asset sitting in your systems: a database.

Protecting that asset isn’t just about firewalls and backups. Under UK law, you may benefit from a specific form of intellectual property called the “database right” that can stop others from copying or reusing the content you’ve invested in collecting.

In this guide, we’ll explain how database rights work in the UK, who owns them, how long they last, how they interact with privacy law, and what practical steps you can take to protect your data from day one.

What Are Database Rights?

Database rights are a UK “sui generis” (unique) intellectual property right that protects databases where there has been a substantial investment in obtaining, verifying or presenting the database’s contents.

In simple terms, if you’ve spent real time, money or effort gathering and curating data into a structured system, UK law can stop others from lifting or reusing that content without permission.

What Counts As a “Database”?

A database is a collection of independent works, data or other materials that are arranged in a systematic or methodical way and are individually accessible (electronically or otherwise). Examples include:

• An ecommerce product catalogue with SKUs, attributes and pricing
• A property portal’s listings and historical sales figures
• A SaaS platform’s searchable archive of industry benchmarks
• A curated business directory or lead list with verified contacts

What Does The Database Right Protect?

The database right gives the “maker” of the database the right to prevent unauthorised:

• Extraction – copying or transferring a substantial part of the contents to another medium
• Re-utilisation – making a substantial part of the contents available to the public by any means

“Substantial” can be quantitative (a big chunk of the data) or qualitative (the most valuable part). Repeated and systematic extraction of insubstantial parts can also infringe if it amounts to the same harm overall.

How Is This Different From Copyright?

Copyright can protect the original selection or arrangement of database contents if it reflects creative choices (for example, a novel taxonomy or presentation). Database rights protect the investment in the data itself, regardless of creativity. Many databases benefit from both, but they are separate rights with different criteria and durations.

Do You Own The Database Your Business Uses?

Ownership turns on who is the “maker” - the person or organisation that took the initiative and bore the risk of creating the database (for example, commissioning and funding data gathering and verification).

Employees vs Contractors

• Employees: Where an employee builds or maintains a database in the course of their job for the business, the employer is typically the maker and owner of the database right.
• Contractors/freelancers: If an external contractor builds or enriches your database, ownership does not automatically pass to you. You’ll usually need a written IP Assignment that assigns any database rights (and any copyright) to your company.

It’s common to combine assignment with a tailored IP Licence if a third party needs ongoing rights to use or maintain the database for you (for example, a data supplier or integration partner).

Using Third-Party Data

If you ingest third-party datasets (paid feeds, APIs, public datasets), your rights will depend on the supplier’s licence. Make sure the licence permits your intended use (internal analytics, training models, redistribution, resale, etc.) and check for restrictions on scraping, caching, and rate limits. Where you act as a processor for a client’s personal data inside your database, you should have a compliant Data Processing Agreement in place.

Post‑Brexit Considerations

UK law maintains the database right for UK makers. Protection in the EU is separate. If you need protection against extraction or re-use taking place in EU countries, you may require an EU nexus (for example, an EEA establishment) or contractual controls with EU users. For many small businesses, strong contracts and access controls remain the most practical solution.

How Long Do Database Rights Last?

The database right normally lasts for 15 years from the date the database was completed.

However, the clock can reset. If you make a substantial new investment that results in a substantial change to the contents (for example, a major refresh, expansion or re-verification of the dataset), a new 15-year term starts for that version.

Copyright in the database’s structure (if applicable) has its own term, typically lasting for the author’s life plus 70 years. It’s entirely possible for the database right and copyright to overlap in the same database.

How Do You Protect A Database In Practice?

Legal rights are powerful, but day-to-day protection of a database is as much about smart contracts and controls as it is about the underlying law. Here’s a practical framework you can apply.

1) Lock Down Ownership And Supplier Terms

• Put clear ownership and assignment clauses in employment and contractor agreements. Use an IP Assignment for contractors and data vendors so database rights sit with your company.
• If you allow ongoing use by a partner or client, grant specific rights using an IP Licence. Define permitted uses (internal use, analytics, model training), territories, sublicensing and duration.
• Include confidentiality protections and, where appropriate, a robust Non-Disclosure Agreement when sharing datasets for trials or demos.

2) Control Access And Set The Rules For Users

• If you provide access via a website or portal, post clear Website Terms of Use that prohibit scraping, bulk export, resale, or creating derivative datasets without permission.
• For platforms or APIs, bind customers to product-specific SaaS Terms and consider an Acceptable Use Policy to govern automated queries, caching and rate limits.
• Use technical controls (API keys, throttling, watermarking, audit logs) to detect and deter bulk extraction.

3) Address Privacy And Data Sharing

• If your database includes personal data, you must comply with UK GDPR and the Data Protection Act 2018. Be transparent about data collection and uses in a clear Privacy Policy.
• When using third-party processors (for hosting, enrichment or analytics), put a compliant Data Processing Agreement in place and carry out due diligence on security.
• Where you share personal data with another controller (for example, a channel partner), settle responsibilities with a Data Sharing Agreement.

4) Label, Log And Evidence Your Investment

• Keep records of the time, cost and processes involved in obtaining, verifying and presenting the data. These will help evidence “substantial investment” if a dispute arises.
• Tag datasets and exports with source notices and usage restrictions so recipients know the terms from the outset.
• Log suspicious activity and keep access records - they’re often vital in proving extraction at scale.

Can Others Scrape Or Reuse Your Data?

This is where many businesses feel the pain. Scrapers may argue they’re only taking “small bits” or using publicly available data. UK law - and your contracts - can still protect you, but it’s important to understand the boundaries.

Publicly Available Doesn’t Mean Free To Reuse

Even if your database is accessible online, database rights can prevent others from extracting or re-utilising substantial parts without permission. Your terms of use can also prohibit harvesting and automated access, which gives you a straightforward contractual claim.

Insubstantial Parts And Repeated Extraction

Taking genuinely insubstantial parts may be allowed. However, repeated and systematic taking of insubstantial parts that cumulatively equates to a substantial part is not permitted. Technical throttles and clauses in your SaaS Terms or website terms make this boundary much easier to enforce.

Text And Data Mining Exceptions

Limited exceptions exist for text and data mining for non-commercial research by certain organisations, but they don’t create a free pass for commercial scraping of your content. Most commercial reuse will still require a licence, and contractual restrictions remain key.

What About Information From Public Sources?

If a competitor builds their own database from truly independent sources (for example, manual research from multiple public records) without extracting a substantial part of your database, they may avoid infringement. But copying or republishing your curated dataset, or using your portal as the source, can still breach database rights and your terms.

What Happens If Someone Infringes Your Database Rights?

If you suspect infringement, act quickly and proportionately. Early steps often resolve issues without a court battle.

1) Preserve Evidence

• Capture screenshots, export logs and API call records.
• Record dates, IP addresses and user account details where possible.

2) Send A Targeted Letter

Set out the rights you rely on (database right and, where relevant, copyright and contract), identify the infringing activity, and state what you want (stop, delete, account for profits, confirm in writing). A well‑drafted letter often leads to quick takedown or settlement.

3) Consider Remedies

• Injunctions to stop ongoing extraction or re‑utilisation
• Damages or an account of profits for losses caused
• Delivery up or deletion of unlawful copies
• Orders to disclose the source and extent of the dataset

Where the infringer is (or was) a customer or user, your Website Terms of Use and platform terms are often the fastest route to relief because they create clear contractual obligations, regardless of debates about “substantial part”.

4) Tighten Controls Going Forward

Even if you resolve a single incident, take the opportunity to shore up access controls, add warnings and notices, and review your contracts. You might, for example, refine your IP Licence templates for partners or adjust your SaaS Terms to better handle API usage and rate limits.

Frequently Asked Questions About Database Rights

Do I Need To Register A Database Right?

No. The database right arises automatically if the legal criteria are met. That said, you should document your investment and put strong contracts in place to make enforcement easier.

Can I Sell Or Licence My Database?

Yes. You can license access or sell the asset outright. Use a clear IP Licence (for access) or assignment agreement (for transfer of ownership), and think carefully about warranties, data quality statements and privacy responsibilities.

What If My Database Includes Personal Data?

You must comply with UK GDPR. Be transparent (through a Privacy Policy), ensure you have a lawful basis, and put a Data Processing Agreement in place with processors who handle data for you. Database rights don’t override privacy law.

Will A “No Scraping” Notice Help?

Yes - when incorporated into binding terms and backed by technical controls. Contractual restrictions are often quicker to enforce than purely relying on the database right, and they can cover behaviour that falls short of a “substantial part”.

Key Takeaways

• Database rights protect the substantial investment you make in obtaining, verifying or presenting the contents of a database, giving you control over extraction and re‑use.
• Ownership normally sits with the business that took the initiative and bore the risk; secure rights from contractors with an IP Assignment and use an IP Licence for permitted third‑party use.
• Protection lasts 15 years, and significant updates can restart the term. Copyright in the structure may also apply alongside database rights.
• Put practical protections in place: Website Terms of Use, platform SaaS Terms, NDAs, access controls, audit logs and clear usage rules to deter scraping and bulk export.
• If the dataset includes personal data, comply with UK GDPR through a transparent Privacy Policy, appropriate Data Processing Agreements and, where relevant, a Data Sharing Agreement.
• When infringement occurs, preserve evidence, rely on both IP and contract, and act quickly - a clear, well‑drafted letter often resolves issues early.

If you’d like help protecting your database - from drafting licences and platform terms to privacy compliance and enforcement - you can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.