Trade secrets are worth protecting – and the EU thinks so too

By Marcus Henke on 31. January 2019

EU-Directive_Know-How-Schutz-EN_750x250

The success of a company can stand or fall based on its business idea. To take Apple as an example, the company would never have become so successful if it had stuck to copying Nokia or Motorola devices. And Twitter would never have survived on the market for so long without its unique character limitation idea.

But knowledge about how to implement a business idea is just as essential. This knowledge includes production processes, market analyses and studies. These all count as trade secrets and are worth protecting. The European Union knows this too, which is why it introduced the Directive on the protection of undisclosed know-how and business information (trade secrets) in 2016. It has been binding since 9 June 2018. But what exactly does this mean?

The law is the law – even without a law

The UK implemented the Trade Secrets Regulation in June 2018. In Germany and Austria, the EU directive hasn’t yet been implemented in national law. However, it is still binding on companies and valid in a court of law. That’s why companies are encouraged to adapt their internal policies accordingly.

Looking at the judgements made up until now, this is a huge challenge to quite a number of managers. This is because the term ‘trade secrets’ covered a lot more in Germany than in the rest of the EU as it was based on German competition and criminal law. It meant that trade secrets only needed to be designated as such, and that very little was required of the trade secrets’ owners in terms of what they did to protect them.

What’s new in the EU directive?

1.The term “trade secret” has been defined clearly and unambiguously for the first time. It refers to all information that is secret, has commercial value, and is subject to the appropriate measures to keep it secret by the person who has legal control over it.
2. Over and above this definition, the European legislator makes it a precondition for companies to implement protection measures to safeguard the confidentiality of the trade secrets. The appropriate measures that companies must implement will be decided on a case-by-case basis.

There is also a comparison involving the following two points:

3. Lawful acquisition, usage and disclosure of trade secrets and

4. Unlawful acquisition, usage and disclosure of trade secrets.

The acquisition of a trade secret is considered to be lawful if it has been discovered independently or during standard business practices. Lawful usage and disclosure are regulated by EU or national law. By contrast, the acquisition of a trade secret is considered to be unlawful if it is a result of unauthorised access to documents, as well as the unauthorised appropriation or copying of documents or similar that are under the lawful control of the trade secret owner. Usage and disclosure are considered to be unlawful if they are carried out by a person who has unlawfully acquired the trade secret and uses or discloses it without the consent of the trade secret owner.

Recommendation for companies

Whilst there remains some uncertainty as to how national the Directive’s requirement for appropriate protection measures should be interpreted, it is clear that there are actions that companies can take to protect business critical information. This could include data encryption or sharing information using secured datarooms or special collaboration solutions. It’s also essential to implement a need-to-know principle enterprise-wide – in other words, each employee is only given access to the data they need for their everyday work.

Today, most companies are unfortunately still providing widespread access to confidential data in order to avoid any slowdowns in the business. But managers need to rethink this practice. This is the only way to ensure their data can never fall into the wrong hands.

Information Security

This could also be of interest:

Cryptic messages: an ABC of encryption

Cryptic messages: an ABC of encryption

Read more
Software design: the importance of microservices and agility

Software design: the importance of microservices and agility

Read more
The value of data: cyber-criminals have companies in their sights

The value of data: cyber-criminals have companies in their sights

Read more
The role of the CISO: a key function

The role of the CISO: a key function

Read more