Legal aspects of research data

Research data in the legal code

Research data are currently defined by Act no. 130/2002 Coll., on public funding for research and development as “information, with the exception of scientific publications, in electronic form, that has been gathered or created in the course of research or development and is used as proof in the process of research or development, or which is generally accepted by the research community as being essential for the validation of findings and results of research or development”.

On the general level research data are perceived more broadly – they may exist in both digital and nondigital form (e.g. physical samples). For the purposes of providing finance under Act no 130/2002 Coll., however, research data are defined solely as data in digital form.

Legal protection of research data

Due to the highly heterogeneous nature of individual data sets, there is no unified system of legal protection for research data. The opposite is true; data protection is fragmented into multiple possible protection regimes, which must be identified for each specific case and the data set handled accordingly. These are primarily:

  • Copyright law – if a data set or database meets the definition of a copyrighted work in the sense of copyright law

  • Database law – if a data set is a database into which its creator has placed substantial content, the creator of the database acquires so-called special rights of a database creator under copyright law

  • Personal data protection – if a data set contains personal data, it is subject to protection under the General Data Protection Regulation (GDPR) and the Personal Data Protection Act

  • Other – e.g. the protection of trade secrets under the Civil Code or the protection of confidential information under the Confidential Information Protection Act

These regimes are not mutually exclusive and can co-exist with one another. For example, a data set containing the fingerprints of respondents is not protected by copyright law (fingerprints are not a copyrighted work); nonetheless, they can constitute a database protected by the special rights of a database creator while being simultaneously subject to personal data protection under the relevant statutory regulations.

It is also possible that data do not fall into any of these categories, and are therefore not protected at all. In such a case one talks about “simple data”. An example of this are data measured by meteorological instruments that does not constitute a database.

What about data ownership?

The phrase “data ownership” is one that we all hear relatively often. However, property rights are absent from the list above – and for good reason. Data cannot, in our opinion, be the subject of property rights. To put it simply, data cannot be owned (at the same time, it should be said that there is not complete agreement between lawyers on this issue).

Instead of “data ownership” it is, in our opinion, more appropriate to talk about effective control of data. For example, if a researcher stores data in a secure repository to which only they have access, then they have effective control over the data. However, they lose all control of these data at the moment of its publication. The rights and obligations in relation to the effective control of data (e.g. who has access to data, data security requirements) can be defined by contract or governed by the institution’s internal regulations.

Databases – what is actually protected?

1. Protection of a database as a whole

If research data are organised systematically or according to a methodology and available individually (by electronic or other means), they constitute a database. The creator of the database can then claim special rights of a database creator (under § 88 et seq. of the Copyright Act), which consist of the right of the creator to use the contents of the database, and specifically to reproduce the contents and make them publicly available. This is primarily the protection of the investment – not only financial, but also in staff and materials – made in the database by the creator.

In addition to the special rights of a database creator, a database may also be protected by copyright (known as a creative database) if the author (natural person) selects or organises the contents of the database in a creative way. In contrast to the special rights of a database creator, this is the contents not protection of the investment made by the database creator, but protection of the structure of the database, as distinguished by the author’s creative contribution. Examples of creative databases in research are not that common in practice.

The table below explains the basic differences between copyright and the special rights of a database creator:

Copyright law  

Special rights of a database creator 

What is protected?

Creative structure of the database.

Investment in the database.

Can it be transferred to another person? 

No; only licensing (granting of the right to use a work) is possible.


Can it be waived?


Yes – e.g. CC0 (waiver) licence can be applied.

How long does it last?

Personal copyright lasts for the author’s lifetime. 

Asset copyright lasts for the author’s lifetime and for 70 years thereafter.

Lasts for 15 years following creation of the database and is renewed with every substantial contribution to it.

Who can it belong to?

Only a natural person (human).

Natural person or legal entity.

Here, too, special rights of a database creator and copyright are not mutually exclusive – only one of these protection regimes may apply, or both can exist simultaneously, or a database may not be protected at all.

2. Protection of individual database elements

In addition to the database as a whole (which can be protected by special rights of a database creator and/or copyright), individual database elements may also be protected, irrespective of whether and how the database itself is protected. Individual database elements can be copyrighted works (e.g. texts, photographs) or personal data, which must be handled in accordance personal data protection regulations. Also, they need not necessarily be protected at all.

Licensing of research data

Due to the non-uniform legal protections afforded to data, the issue of its licensing is a complicated one, too. First and foremost, one should be aware that only copyrighted works and databases can be licensed (i.e., rights granted for the use of a copyrighted work. It is therefore desirable to licence only data sets that are copyrighted works or protected by special rights of a database creator. Databases protected by special rights of a database creator can be licensed with a CC0 licence (waiver). With this licence, the creator relinquishes their own rights to the database and gives everyone the opportunity to use the licensed database without restriction (“extraction”).

If you are sure that copyright law applies, it is important to make sure that you that exercises copyright to the work, that is, that you are entitled to receive a licence. Within the environment of Charles University, it is certain that a large part of the data sets created in the course of research are employee works to which copyright is held by the employer (which is therefore the entity entitled to decide on licensing). The regime for employee works at Charles University is regulated by Rector’s Directive no. 17/2018. In the event that a licensed work has multiple co-authors, all must consent to the attachment of a licence.

If you want to make a data set publicly accessible, it requires a public licence so that users know, under conditions clearly defined in advance, what they can and cannot do with the relevant data set. The Creative Commons or Open Data Commons licensing sets, created especially for database licensing, are particularly suitable for the licensing of data sets.

Research data and obligations arising from Act no. 130/2002 Coll.

In addition to the definition of research data above, Act no. 130/2002 Coll. also lays down several obligations in relation to research data created in the course of publicly-funded scientific research. These are, specifically:

  • The obligation to describe, in the contract for the provision of funding for the project, the data management plan and information on the availability and means of dissemination of research data the results of research.

  • The obligation to publish information about research data in the R&D Information System.

  • The obligation to provide applicants with research data, on request and free of charge, if a period of at least twelve months has passed since the cessation of funding.

Useful resources

Ball, Alex (DCC). 2014. How to License Research Data    

OpenAIRE. How do I know if my research data is protected? Guides for Researchers.

Last change: April 2, 2024 15:01 
Share on: Facebook Share on: Twitter
Share on:  
Contact Us

Residency, Invoicing and Correspondence Address

Charles University

Central Library

Ovocný trh 560/5

116 36 Prague 1

Czech Republic

Office Address

José Martího 2 (2nd floor)

160 00 Prague 6

Phone: +420 224 491 839, 172



How to Reach Us