A medicinal product’s rights are not necessarily limited to patent protection and its extension. In order to obtain marketing authorisation for a medicinal product, a registration dossier must be submitted to the relevant authorities, consisting of administrative information, information concerning the product quality, safety and efficacy, and clinical data. The exclusive rights and protection available for such data must be clearly understood when making key business decisions in pharmaceuticals, such as whether to enter into a deal, how to structure it, and in cases of unauthorised access, or use of clinical data developed by a company.

Clinical data
Clinical data refers to the data collected, selected, assessed and organised in clinical trials for studying the results of the administration of an investigational medicinal product for human beings. These data may include the study subjects’ medical records, case report forms as well as final reports containing the data once assessed and critically analysed. These data – the collection and organisation of which requires considerable investment – may be relevant for a number of reasons. However, the main purpose is usually to demonstrate the safety and efficacy of a medicinal product and, consequently, to obtain authorisation to place it on the market.

Clinical data may be protected in a number of ways in theory. However, the protection which applies has to be assessed on a case-by-case basis. Circumstances that may affect protection are, for example: the qualitative and/or quantitative investment made to organise such data on a database; the nature of the data; the way in which the data are selected and organised; the subject and the contrariety of a fair competition; and the adoption of an administrative decision based on the clinical data submitted.

Database sui generis protection
Clinical data are often selected, collected and organised in a structured way in specific databases. Depending on the circumstances, these data may be organised so that they enjoy a sui generis protection (see Directive 96/9/EC). Sui generis protection is the right granted to the creator of a database that required the investment of considerable human, technical and financial resources, and it recognises the substantial qualitative and/or quantitative investment in obtaining, verifying or presenting the database contents. The protection grants the database creator the right to prevent unauthorised extraction and/or re-utilisation of the whole or a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database, by any third party, that may have serious economic and technical consequences to its creator for at least fifteen years.

The applicability of sui generis protection to databases containing clinical data may seem theoretically possible, but is subject to assessment on a case-by-case basis. Existing case law interprets the substantial investment requirement restrictively but the notion of extraction extensively, so it can be expected that not all databases containing clinical data will qualify for sui generis protection. However in cases where sui generis protection applies, the database creator will enjoy a broad protection. For example, in Case C-203/02 it was stated that: “[t]he expression ‘investment in ... the obtaining ... of the contents’ of a database in Article 7(1) of Directive 96/9/EC of the European Parliament and of the Council of March 11 1996 on the legal protection of databases, must be understood to refer to the resources used to seek out existing independent materials and collect them in the database. It does not cover the resources used for the creation of materials which make up the contents of a database.” Also, in Case C-304/07 the court stated that the notion of extraction “covers any unauthorised act of appropriation, of the whole or a part of the contents of a database, by any means or in any form and irrespective of the purposes of the extraction.”

Confidentiality law provisions
Although clinical data are collected and organised in a structured database, they can also be protected under confidentiality law provisions. Article 39(3) of TRIPs specifically refers to the obligation of member states to protect undisclosed test or other data, the origination of which involved considerable efforts, submitted to competent authorities as a condition for the approval of the marketing of a pharmaceutical, against unfair commercial use. Article 39 of TRIPs was first implemented in Italy by Legislative Decree 198/1996 which introduces an Article 6bis to law 1265/1939 (the so-called Law on inventions). This provision, which essentially reproduced the text of Article 39 of TRIPs, was then substituted by Articles 98 and 99 of Legislative Decree 30/2005 (the so-called Italian Industrial Property Code, also IPC). Article 98(2), in particular, expressly refers to the need to protect “data concerning test or other data, the collection of which requires a considerable commitment and which is required to be presented in order to obtain an authorisation to introduce onto the market chemical, pharmaceutical or agricultural products involving the use of a new chemical entity.”

These Articles innovated and strengthened the protection of confidential information in Italy which is now protected erga omnes, that is, irrespective of professional qualification and the contrariety to fair commercial use of the agent.

Copyright protection and unfair competition provisions
Clinical data may be also protected under copyright law and unfair competition provisions. Clinical data are often selected, collected and organised in a structured way in specific databases. These databases – to the extent they can be considered an original work, for example by reason of the original selection and/or arrangement of the contents of the database itself (such as protocols, clinical trials reports) – can be protected under copyright law (see Directive 96/9/EC). Although copyright protects rights holders from unauthorised reproduction of their works either in total or in part, it does not extend to the contents of a database. Copyright protection of a database containing clinical data, therefore, could be not opposed, in principle, to third parties using the data but not reproducing the same original format of the right owner.

As to unfair competition provisions, under Article 2598, Section 3 of the Italian civil code, any act of a competitor contrary to unfair competition practices and with the potential to damage the other party’s business is unlawful and can be pursued. Clinical data acquired by a competitor by means contrary to fair competition practices – not eligible for protection under Article 98 and 99 of the IPC – may be then protected under unfair competition law ex Article 2598, Section 3.

Data exclusivity right
This right protects data submitted for the purpose of adopting a regulatory decision concerning, for example, the granting of a marketing authorisation (including orphan drug medicinal products and paediatric use marketing authorisation) or of a new indication. This right prevents applicants for generics or similar biological products to refer to the results of pre-clinical tests and of clinical trials data contained in a third party registration dossier until a specific amount of time has passed from the initial authorisation granted in favour of the reference product. However, this protection applies only once the concerned product (or indication)  as been authorised by the competent authority and it does not prevent third parties from developing its own data. Therefore, data exclusivity protection only relates to uses of the data in the context of an abridged application and does not concern the data themselves.

When to enforce rights
Clinical data are an important asset and the ownership of and/or right to use them must be carefully considered before entering into a deal concerning a medicinal product. In particular, a clear understanding of which rights may protect clinical data in general and which rights are actually enforceable in a specific situation could be extremely relevant when deciding:

  1. whether to start or continue a negotiation;

  2. how to adequately structure a deal; and

  3. how to draft relevant contractual clauses.

With point 1, it could be case that after an accurate analysis (such as due diligence), it is discovered that clinical data are not eligible (in total or in part) for any of the protections above or that the rights enforceable do not adequately protect the investments that were being considered. In all these circumstances, it may be decided (in particular in the case of an early detection) to simply break off the negotiation. As to point 2, it might be case that if, as above for example, clinical data are not eligible for protection, appropriate amendments to the terms of the deal should be negotiated, such as the economic conditions. As to point 3, it might be decided to include a number of additional contractual provisions which offer better protection, such as representation, warranties, and indemnification clauses, in case the alleged rights to the clinical data concerned turn out later on to be ineffective and/or insufficient for the purposes of the deal, such as the marketing of a medicinal product.

Furthermore, a clear understanding of exclusive rights protecting clinical data may be also relevant in order to identify:

  1. who is the actual owner of the data, which rights can be transferred, and which are actually transferred (see ownership right v right to use);

  2. which options are available and how to react in case of unauthorised uses of  clinical data.

As to point 1, it is not uncommon to find out during a negotiation that the marketing authorisation holder wishing to sell a medicinal product is not the actual owner of all rights pertaining to that product. This may be the case, for example, in a medicinal product whose clinical data were originally developed and organised (such as in a structured database) by one company (such as in a group of companies by the mother company) and subsequently licensed to its subsidiaries for the purpose of marketing the product in the different EU member states.

Under the scenario above, normally each of the subsidiaries will be not in a position to transfer full ownership of the concerned medicinal product to third parties because they simply have the right to use these data (or even the entire dossier) in compliance with the terms and conditions indicated by the relevant intra-group licence agreement. Moreover, in most of the cases, subsidiaries will be not even in a position to sublicense these data (and the relevant dossier) to third parties without the mother company’s prior consent. Adequate knowledge of rights that possibly protect clinical data may be crucial also in these situations to help, for example, select the appropriate agreement to negotiate (a purchase agreement, a licence agreement or a mix of the two).

As to point 2, there are a number of occasions when the unauthorised use of clinical data contained in a registration dossier may occur such as following an ordinary request for access to documents. Under applicable legislation (as to EU Institutions and bodies, see Regulation (EC) 1049/2001),, access to clinical data could be, in principle, denied in all cases where disclosure would undermine the protection of commercial interests, including IP rights, but where there is an overriding
public interest to disclose such data. This was also confirmed in a recent decision of the European Ombudsman (see decision 2560/2007/BEH of November 24 2010) – the EU body in charge of investigating complaints of maladministration in the activities of the EU institutions and bodies – which followed a complaint lodged by Nordic Cochrane Centre, a health care research and information centre, against the European Medicines Agency (EMA), concerning the refusal of the EMA to grant access to clinical data contained in a registration dossier.

A clear understanding of the rights protecting clinical data might also help here to limit access and/or further uses of the data. This might be the case, for example, where database sui generis protection applies and intended uses of the data extracted (based on an overriding public interest claim), exceed the scope of the original request. In these cases, given the broad interpretation of the notion of extraction, which covers any unauthorised act of appropriation of the whole or a part of the contents of a database, by any means or in any form, irrespective of the purposes used by the subject, marketing authorisation holders might be entitled, in principle, to prevent or to pursue any unauthorised use of the data extracted that does not fall within the scope of the original request.