Research data raises many legal issues. The right associated with the research data depends on the nature of these data. There are data covered by copyright, others by thesui generisright, ie, a specific which belongs to the database producer. There is also a huge amount of data which is
6 Livre sur les données ouvertes (Open Data Book), B. Meszaros et al., 2015
7 Open science in a digital republic, CNRS, 2016
8 The Semantic Web, Scientific American Magazine, 2001
9 Gérer les données de la recherche, de la création à l’interopérabilité (Manage research data from creation to interoperability), J. Demange, 2015
1.2 Some legal aspects concerning the research data
covered by regulations. These regulations may come from instructions or from various laws on raw data, such as the INSPIRE instructions on geographical data10. The purpose of these instructions is primarily to ensure the interoperability and the harmonization of the data, for use, from anywhere in the world. The regulations may also concern personal data (SHS data or bio-medical data), or confidential data or of sensitive nature (health data, for example). These same data can also be understood as public information.
Lionel Maurel, lawyer and librarian, emphasizes the importance of establishing "a precise legal diagnosis to determine the status of each layer composing the results of a research project: software, inventions, research data, digitized contents, associated meta-data, editorial recognition through articles, books, websites, etc". Each layer can have a different status, which also regulates the licenses to choose and to supervise their availability and their reuse11.
In the following steps, we provide details on the overall points, related to the rights, associated with research data.
1.2.1 Intellectual Property
Definition 4 Intellectual property can be defined as a set of exclusive rights granted to the author of an intellectual work (Intellectual Property Code).
It consists of two branches:
• literary and artistic property, including copyright and the right of databases and
• industrial property, which concerns patents, trademarks, designs and models, names of the field.
Databases are defined by the Intellectual Property Code.
Definition 5 Databases are a collection of works, data or other independent elements, arranged in a systematic or methodical manner, and individually accessible, by electronic means, or by any other means (article L.112-3 of the Intellectual Property Code).
The instruction of March 11th, 199612, transposed in France by the law of July 1st, 199813 con-cerning the protection of databases, defines the structural protection for these databases. Databases are protected under two possible basis:
• under copyright, on the structure of the database (layout, disposal), as part of the original work spirit and / or
• under the rightsui generisof the producer’s database, from the moment when the producer justifies a financial, material and human investment in the database.
Exception to copyrights and to the producer’s database, as part of the research
The Law of a Digital Republic14put into application on October 9th, 2016, introduces an amendment to the Intellectual Property Code, thus providing an exception, to copyrights and to the producer’s database, for performing searches and explorations on texts and data as part of the research.
10 The Inspire guidelines for neophytes, F. Merrien et M. Leobet, 2011
11 Le statut juridique des données de la recherche (The legal status of research data), L. Maurel, 2015
12 Directive 96/9/CE du 11 mars 1996 sur la protection des bases de données (Directive 96/9/EC of March 11th, 1996 on the protection of databases)
13 Loi 98-536 du 1erjuillet 1998 (Law 98-536 of July 1st 1998)
14 Loi no2016-1321 du 7 octobre 2016 pour une République numérique (Law n° 2016-1321 of October 7th, 2016 for a Digital Republic)
Thus, when a work has been disclosed, its author may not prohibit copies or digital reproductions, made from a lawful source, for the purpose of exploring texts and data included or associated with the scientific writings, intended to the public research, is prohibited to the usage of any commercial purpose. A decree sets the conditions under which the exploration of texts and data is implemented, as well as the methods of preservation and communication of the produced files. At the end of the research activities, for which they were produced; these files incorporate the research data (article L 122-5 of the Intellectual Property Code).
Similarly, when a database is made available to the public by the right’s holder
the latter may not prohibit, other than for any commercial purposes, the digital copies or reproductions of the database, made by a person who lawfully has access thereto, for the purpose of searching in-depth, texts and data included or associated with the scientific writings in a research setting. The preservation and the communication of the technical copies, resulting from the processing, in the end of the research activities, for which they were produced, are secured, by decree, by the designated organizations.
Other copies or reproductions are destroyed (Article L 342-3 of the Intellectual Property code).
The following criteria must therefore be met to qualify this exception:
• access to a lawful source
• for the purpose of exploration / search in-depth of texts and included data or associated with the scientific writings
• for the purpose of public research / in a research setting, with a non-commercial goal.
The text does not give any definition of the very notion of exploration or search in-depth of texts and data. However, it is generally considered that Text Data Mining (TDM) consists of exploring, via searching technical tools, bulks of texts and / or with numerous sources and supports of the data - in order to infer from it the new knowledge.
R Implementing decrees are expected in January 2017 to clarify the conditions and for putting, these exceptions, into application. But, early 2018, in the absence of an implementing decree, the TDM exception is not operative. People are working to get this TDM exception accepted in the Future European Copyright Directive currently under discussion in Brussels and Strasbourg.
1.2.2 Rendering anonymous the personal data
Article 2 of the law "informatique et libertés"15defines the concept ofpersonal data.
Definition 6 A personal data is qualified as "any information related to a natural person identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements of its own. In order to determine whether a person is identifiable, all the means must be taken into account, so as to allow his or her identification, which is available or to which the responsible or any other person may have access".
15 Article 2 de Loi 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (Article 2 of the Law 78-17 of January 6th, 1978 related to IT, to the files and to freedoms)
1.2 Some legal aspects concerning the research data
Personal data may bedirectly identifiable(last name, first name,. . . ) orindirectly identifiable (INSEE directory registration number, telephone number, IP address,. . . ).
Conversely, the data is not a personal data, or a combination of data which is not related to a natural person and does not identify a natural person. The Personal character depends on the means which can be implemented and leading to the identification of a person. The field of personal data is thereforeprogressive, as it depends on the technical side and its performances. It is also important to take into account thecontext of the information processingto infer from it the personal character:
indeed, the identification of an individual can also be inferred from the own knowledge of the people who process the data.
Definition 7 Rendering anonymous is a procedure which breaks the link between the data and a natural person, thus protecting the privacy of the individuals.
The usage of rendering anonymous may be necessary when an entity is not legitimate to process personal data for the purposes which he or she has chosen. In fact, rendering anonymous would make it possible to benefit from the enriched data, while protecting the privacy of individuals and meeting the requirements for the protection of personal data.
However, the concept of rendering anonymous is not easy to apply because it is difficult or impossible to determine, whether a data is always a personal data, or if it has been rendered anonymous. Indeed, an individual can be identified indirectly, for example through other data sources, which combined together, will lead to his or her identification.
To assess the rendering anonymous, it would be necessary to answer several questions:
• Is it reasonably possible for a natural person to be identified from the processed data and from other data?
• What is the probability of a re-identification?
• What is the probability that the re-identification is correct?
R If you are interested in the different techniques of the existing rendering anonymous processes, their effectiveness and their limits, you can refer to the document written by Benjamin Nguyen
16.
1.2.3 Health data
Health data are considered as sensitive data according to the law "Informatique et Libertés".
Definition 8 Health data are "personal data which, directly or indirectly, reveal racial or ethnic origins, political, philosophical or religious opinions or trade union membership of persons, or the one which is related to health or sex life of these persons" (art.8 loi "Informatique et Libertés").
There is no legal definition of health data, either in the French law or in the European law, but there are indications which appear in:
16 Techniques d’anonymisation, B. Nguyen, Statistique et société, 2014 (Techniques of rendering anonymous, B.
Nguyen, Statistics and society, 2014)
• Article 1111-8 of the Public Health Code (CSP) : data "collected or produced during prevention, diagnosis or care activities";
• the jurisprudence Lindqvist Court of Justice of European Communities (CJCE ) 6/11/2003, Bodil Lindqvist, C-101/01) provides some insights about the definition of health data: the EU Court of Justice considers, in this case the indication of a person who has been injured on foot and is on sick leave constitutes personal health data within the meaning of Article 8, paragraph 1 of the Directive 95/46 / EC. The Court, in this case, gives a broad interpretation to the term "health data", "as such it includes information on all aspects, both physical and psychic, of a person’s health";
• the decision of the State Council of July 19th, 2010 No317182 also provides some indications which, for students enrolled in specialized classes, "the only reference that the student is enrolled in a health care structure does not give much information about the nature or the severity of the affection, of what he or she suffers, to be considered as a health data". On the other hand, if the information makes it possible to identify the type of disability or impairment of the student, then it will be a health data;
• the European regulation states that "health data includes any information related to a person’s physical or mental health, or the health services’s allowances allocated to which person".
Health data are considered particularly sensitive and are subject to specific guidelines.
1.2.4 Software licences
To conclude on the legal issues, we would like to make a carving on the problems related to software and more particularly to open source software by quoting a brochure17which emanates from the Free Software Thematic Group (GTTL) of the SYSTEMATIC competitiveness pole. This brochure covers software protection, the specific legal framework of free software, the use and the operations of free software. This document is indirectly related to our issues, but it seems important to remind us how free software plays a major role in our daily lives. In particular, many middleware (software serving as an intermediary for communication between several applications), cloud and big data tools are open source projects. Thus the ownership, of these technologies by communities, is easier and, on the other hand, the adoption passes through the communities, which make it a success or a failure, and no longer through the circuits, which can be locked up, by large operators.