“According to media reports, the spectre of data theft returned to haunt the Indian BPO industry today with the arrest of four ex-employees of the Indian subsidiary of a US-based company on charges of siphoning off classified information causing loss of over Rs. three crore to the firm.
Parsec Technologies Inc, involved in business deals with mortgage originators, which provided housing loans for US citizens, through its Indian subsidiary PTL had lodged a complaint of data theft against one of its employees… and his three colleagues, police said.
What struck me here was the link with intellectual property. I quote:
“According to the police, M/s Parsec Technologies Limited (PTL) in Anand Vihar had lodged a complaint with the Intellectual Property Rights Section of the EOW….. “
EOW is the economic offences wing. In response to this news item, Pravin Dalal, a commentator on Cyber-law India, a news list that I subscribe to argued as follows:
“To put it shortly, Data Protection is available in India under the
(1) Article 300A of the Constitution of India, i.e. right to property that is a “Constitutional right”,
(2) Under the provisions of the Copyright Act, 1957 r/w Article 10
(2) of the TRIPS Agreement, and
(3) Under the IT Act, 2000.
Kindly go through http://perry4law.blogspot.com/ for more details
regarding Data Protection in India.
The current story only involves the first and second categories as mentioned above since no offence or contravention, as mentioned under the IT Act, 2000 has been committed or taken place. However, most of the Lawyers and the complaining party will be satisfied by the second category itself. This is exactly what happened in this case. That is why the Intellectual Property Rights Section of the EOW has taken cognizance of the matter.”
I was very worried and shocked that someone would invoke copyright here (and worse still, use a TRIPS provision to legitimize their argument). I extract some of the portions of my reply to Pravin:
“I think the key issue that I have with your response is that you almost take copyright infringement here as a given, as evident from your first response to this case (“complaining party will be satisfied by the second category”, meaning copyright).
You seem to conflate data protection and copyright protection (“To put it shortly, Data Protection is available in India under the following”).
Data protection normally implies the kind of ‘privacy protection’ that I had alluded to in my mail and re: which you made a distinction b/w commerical aspects and privacy aspects (“What you have mentioned is a “privacy aspect” and what I mentioned was a “commercial aspect””). When you refer to such “commmercial aspects”, I presume you mean a “database protection” which is very different from data protection. See this link
(I’m sorry that I couldnt find a better source—but the first 2-3 paragraphs of this bring out this distinction).
As Badri pointed out in one of his responses to you, it is not entirely clear that Indian copyright law, as such would protect all databases. Burlington (Delhi High Court case) may have worked out a “sweat of the brow” doctrine (an easy one to satisfy for databases) but the Navin J Desai case casts some doubt on this. No doubt, the judgment, to a large extent was informed by the fact that there can be no copyright over “judgments”, but does also, in my reading, seem to import a Feist like minimal creativity standard into Indian copyright law.
When the ‘civil law’ position on the eligibility of databases for copyright protection is unclear, it shocks me that someone like you would seem to endorse criminal liability (if indeed copyright liability was the main basis for the arrests by the economic offences wing).
All your other points re: constitution etc and the protection of property flow from your assumption that copyright law applies on all fours here. When this assumption itself is a weak one, I’m not sure that any of the other arguments would necessarily hold good. In any case, it seems a little odd to me that you would invoke Article 300A here. If you have a clear copyright case, why invoke 300A –especially when scholars around the world still debate whether copyrights and other IP’s are necessarily full fledged “property”. And if you dont have a copyright case (since copyright law does not protect the database at hand), you cannot then argue that there is a property right protectible under Article 300A. “
I’m sure most hard core IP enthusiasts already know that India does not have a separate sui generis protection for databases like the EU. Rather, one has to try and bring a database within the meaning of “literary” work under the Copyright Act. As I’d mentioned in the mail above, this is not an easy task, as the threshold for copyright protection is generally higher than one in the sui generis protection models (merely spending time and money in putting together a bunch of names and addresses may fall slightly short of the minimal modicum of creativity that some copyright regimes demand).
A couple of years back, I’d worked on a report for on whether India needed a separate sui generis protection for databases and I’d explained the above position in greater detail.
“It is pertinent to mention that India itself being a commonwealth country follows the “sweat of the brow” doctrine. The Indian courts have therefore protected compilations involving minimal originality stating that “no man is entitled to steal or appropriate for himself the result of another’s brain, skill or labour even in such works” (Govindan v Gopalakrishna AIR 1955 Madras 391). This rationale was followed in several cases and it was held that a compilation of addresses developed by any one by devoting time, money, labour and skill though the source may be commonly situated amounts to a ‘literary work’ wherein the author has a copyright(Burlington Home Shopping Pvt. Ltd. v Rajnish Chibber & Anr. 1995 PTC (15) 278).
In the first ever instance of copying of electronic databases, the Delhi High Court has been instrumental in injuncting an Italian infringer (Himalaya Drug Company Vs. Sumit, Suit No.1719 of 2000). The court restrained an Italian company that had copied the plaintiffs online herbal database onto its website, hosted by an American ISP. Pursuant to the Delhi High court restraining order, which was brought to the notice of the concerned Internet Service Provider (ISP) located in the US, the ISP removed the infringing content on its own accord and furnished the complete details of the infringer, who had rented space on the ISP’s website.
However in a recent case involving law reports (Navin J Desai vs Eastern Book Company), the Delhi High Court preferred to follow the Feist standard of ‘a modicum of creativity’ and denied protection to copy-edited judgments. The court held that changes consisting of changes of spelling, addition of quotations and corrections of typographical mistakes are trivial and no copyright exists therein.
The plaintiffs had also pleaded that the entire law report is a compilation or a database and entitled to copyright protection because it involved selection, collation, arrangement and coordination of various judgments which requires tremendous input of skill, labour, discretion, judgment and expenditure. Though the court did not give a specific finding on this point, but the eventual refusal to grant an injunction against the defendants suggests that the court disapproved the Plaintiffs’ assertions.
Therefore it seems that the Delhi High Court has raised the threshold of the requirement of originality from that of skill, labour and judgment to a minimum level of creativity, which most databases would not be able to satisfy.”
The Navin J Desai case went up to the Supreme Court, and I believe that the court upheld the point above (or at least there is nothing to suggest that they took a different view from the High Court in this regard—but I will reconfirm this).
I hope the economic affairs wing (EAW) that arrested these folks does not book them under the copyright act (which penalizes certain contraventions), as the link is far fetched. The links with the IPC (Indian Penal Code) and perhaps even the Information Technology Act are more solid.
While a strong signal needs to be sent out (in terms of punishing those guilty) to re-assure outsourcers from the US, EU and project India as a good outsourcing destination, one should also be careful in ensuring that the correct laws are applied. Readers will remember the ill effects of a misplaced enthusiasm to enforce the law in the infamous Baazee case. Along with a colleague, Badri Natarajan, I had written about this a few months back. (“Baazee, Bajaj and Bailing out the Law“). We concluded as follows:
“Bajaj is now out on bail. What of the law though-can it be bailed out too? Our attempt has been to show that the law in this case is fairly robust. As one of the articles on this theme stated -it is not the “law” here that is asinine, it is “law enforcement”.”