MB Milestones (03/2018)

EU Trade Secret Directive on the Horizon - Executive Summary

From Vera Buriánek
From Vera Buriánek

The deadline for implementing the recent “EU Trade Secret Directive” has expired on 9 June 2018.

The Directive offers new possibilities for EUwide know-how protection for an unlimited time but at the same time requires that businesses set up a business-wide secret protection policy for their trade secrets.

I. What is protected (subject matter)?
The Directive sets a minimum standard for the protection of trade secrets which all EU Member States have to guarantee. At its heart, the Directive provides for a uniform definition of the term “trade secret”:

“Trade secret’ means information which meets all of the following requirements:


(a) It is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;

(b) It has commercial value because it is secret;

(c) It has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret; “

(Article 2 No. 1 Directive)

This definition is identical to the current definition of a “trade secret” under Article 39, para. 2 TRIPS and similar to the definition which is applicable in 48 of the 50 US States. In practice, a “trade secret” can cover diverse types of information, ranging from “technological knowledge to commercial data such as information on customers and suppliers, business plans, and market research and strategies” (Directive, Recital 2). A draft of the German implementing law also cites research results of universities, if they are participating in a competitive market, production processes, lists of suppliers and customers, cost information, business strategies, corporate data, market analyses, prototypes, formulae and recipes.

The two pre-requisites for trade secret protection of these kinds of information are their (a) secrecy and (b) that “reasonable steps” be taken by their holder to preserve this secrecy. In practice, the Directive´s third requirement that the information have potential or actual value (also) as a result of it remaining secret, should prove, in most cases, to be irrelevant.

II. Who is protected?
The Directive protects companies holding trade secrets, irrespective of their form of organization, size, market share and area of activity, and this will include “start-ups”, SMEs and non-commercial research facilities.

III. Protection from what? (i.e. what is infringing behavior?)
Under Article 4 para 2 (a) of the Directive, a number of specific activities are categorized as unlawful, namely:

“unauthorised access to, appropriation of, or copying of the embodied trade information”.

In addition, a broad catch-all category of “conduct … contrary to honest commercial practices” is stipulated as unlawful pursuant Article 2 Directive. According to the explanatory memorandum of the draft German implementing law, the question what behavior constitutes dishonest commercial practices should be determined pursuant to footnote 10 of Article 39 para. 2 TRIPS that reads:

“10. For the purpose of this provision, “a manner contrary to honest commercial practices” shall mean at least practices such as breach of contract, breach of confidence and inducement to breach, and includes the acquisition of undisclosed information by third parties who knew, or were grossly negligent in failing to know, that such practices were involved in the acquisition.“

Compared with previous trade secret protection under the German Act Against Unfair Competition, discovering the content of a “trade secret” through reverse engineering will no longer be an infringing activity as long as no breach of a confidentiality agreement or” any other duty not to disclose the trade secrets” is committed at the same time, Article 4 No. 2 (b) Directive.

IV. Available remedies against infringement
Under Article 12 Directive, companies with Trade secrets can obtain: (a) cessation or prohibition of the unlawful use/disclosure; (b) prohibition of the production, offering, placing on the market or use of infringing goods and of their importation, export or storage; destruction or delivery of the infringing materials to the applicant or a charitable organization; (c) “coercive measures”, such as recall, destruction or withdrawal of the infrininfringement.ging products from the market, as well as (d) publication of the court decision publicly stating the trade secret infringement.

V. Duration of protection/remedies?
Trade secret protection itself is indefinite and relies on the preservation of secrecy. As to the remedies, the Directive provides for a maximal statute of limitations in implementing national laws of 6 years, Article 8 Directive. The draft German law applies the general statute of limitations of 3 years under German private law to trade secret infringement.

VI. Exceptions to protection
The most prominent exception to trade secret protection under the directive is provided for specific cases of “whistle blowing”. As long as the whistle blower acts

“for revealing misconduct, wrongdoing or illegal activity, provided that the respondent acted for the purpose of protecting the general public interest”,

Article 5 (b) Directive no remedy under implementing national trade secret law shall be successful.

The explanatory memorandum to the draft German implementing law specifies that “misconduct” includes unethical behavior that does not necessarily violate any laws. As an example, it cites business activity abroad in countries where the conduct revealed through whistleblowing is not illegal, yet could be viewed as misconduct by the public opinion, such as an in the case of child labor, conditions of production which harm public health or the environment, or the systematic avoidance of taxable events.

VII. How to prepare for Directive as a business (“reasonable steps” to be taken)
The Directive requires that businesses seeking “trade secret” protection under the Directive take “reasonable steps … to keep it secret” (Art. 2 No. 1 c Directive). Therefore, the trade-secret owner will have to implement a trade-secret protection program. Since there is no existing EU case law on the question of what kind of protective measures are “reasonable” it is impossible to predict how courts will interpret the provision.

The explanatory memorandum to the draft German implementing law only clarifies that factors in evaluating whether protective measures are “reasonable” are: the value of the trade secrets at hand, the R&D costs connected to them, their importance for the business, the usual confidentiality/secrecy measures taken by the business, the nature of marking (e.g. as “confidential”) of the information as well as the existence of contractual confidentiality agreements between employees and business partners.

VIII. Possible protective measures include
a) Personal access restrictions both in the physical working space as well as in the digital company sphere

b) Systematically classifying and marking working documents both physical and digital materials; structure working processes on a “need to know” basis,

c) Establishing company “code of conduct” on confidentiality creating an official line on how sensitive business information should be treated with appropriate training for employees;

d) Reviewing company IT security measures against outside threats of data theft through hacking

e) checking/amending contracts to include “confidentiality clauses” 

  • employment contracts to include Non-Disclosure-Agreements with employees and (within limits of employment law concerning time and geographical reach) non-compete clauses 
  • contracts with business partners to include “confidentiality clauses”/ ”limited use” of company products clauses in order to prevent legal reverse engineering of products by business partners, such as suppliers

 

f) Prevent trade secret violations by incoming new employees on the flip side of the coin: employers should be careful with know-how brought into the company by new employees and possibly include a standard “disclaimer” in employment contracts, warning new employees of the associated risks for the company associated with the disclosure of trade secrets of a former employer.

g) Documentation of “reasonable steps” Finally, all protective measures taken should be documented for the purposes of evidence in a possible legal dispute. In order to document the value of a specific trade secret information, businesses should consider including their trade secrets in their financial accounting since this can be of use for the calculation of damages in case of litigation.

 

Sources:
1 : Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets); full text available on: http://eur-lex.europa. eu/legal-content/ EN/TXT/PDF/?uri=CELEX:32016L0 943&from=DE.

2 : nations of the World Trade Organization (WTO), full text available on: https://www.wto.org/english/ docs_e/legal_ e/31bis_trips_04d_e.htm.

3 : Köhler/Bornkamm/Feddersen/Köhler, UWG, §§ 17-19, Rn. 17; Steinmann/Schubmehl, Vertraglicher Geheimnisschutz im Kunden-Lieferanten- Verhältnis – Auswirkungen der EUGeheimnisschutz- RL am Beispiel der Automobilindustrie, CCZ, 194.

4 : Hoeren/Münker, Die EU-Richtlinie für den Schutz von Geschäftsgeheimnissen und ihre Umsetzung – unter besonderer Berücksichtigung der Produzentenhaftung, WRP 2018, 150, 151.