Right to protection of data?

How is protection of data regulated?

The legal protection of data is not uniform. For personal data, the GDPR applies, which means that data subjects have certain rights regarding the protection of their data. Furthermore, data controllers have a number of obligations that are in line with those rights.

Besides protecting personal data, there are also ways to protect the datasets themselves. A copyright or a database right gives the rightsholder an exclusive right to a dataset and thus a legal way to protect a dataset. However, these rights do not apply to a lot of forms of data. If the creation of a dataset did not involve significant effort, no database right will arise, and if there is no creativity involved (as with measurements), or no personal stamp is added (as with copying newspaper articles), then there is no copyright either. So, it must be proved that there is indeed a right by which the data would be protected.

Who has a right to protection of data?

The right holder of a right to a dataset has a number of rights to protect the dataset, including the exclusive right to regulate the reproduction and distribution of the dataset. See the article about database rights [link].

If when talking about personal data, the person concerned has the right to have his data protected by the data controller of the dataset. The data controller then also has a duty to protect the data.

How can data be legally protected?

It is not possible to legally own data. This is because data is not a "product" (not a tangible object). However, it is possible to protect data through intellectual property law. For example, it is possible to copyright data if certain conditions are met. In addition, a particular dataset may form part of an invention, which is protected by a patent. Furthermore, a database right arises when people put time and effort into compiling a dataset by organising and labelling information. However, database law only protects the composition of the data and not the exact data it contains.

In addition to the approach from intellectual property, it is also possible to make contractual agreements. In an agreement, agreements can be made between parties about the data. For instance, agreements on who is allowed to see the data, for what period of time and how the data can be accessed. If one of the parties does not comply with the agreements in the agreement, this party commits a breach of contract and in many cases, compensation will have to be paid. To protect the data as much as possible, it is therefore important to make proper agreements.

If your personal data is being processed, then things are a bit more nuanced. Because of the GDPR, as a data subject you have a number of rights that allow you to control or restrict the processing of your personal data. However, there is no way to ensure that no one else will process your personal data, because not all forms of processing require consent.