Innovation, the European market and the new EU Trade Secrets Directive
August 2014 | PROFESSIONAL INSIGHT | INTELLECTUAL PROPERTY
Financier Worldwide Magazine
Without warning, on 28 November 2013, the European Commission (EC) published a draft Trade Secrets Directive (the Directive). Although those in the know were aware the EC was looking at the problems created by a lack of consistent protection for innovative ideas across Europe, nobody was expecting the publication of a Directive.
Following consultation, an amended ‘compromise draft’ was published on 4 March 2014 and was followed again by a further version, which is probably close to a final version, on 26 May 2014. Although the Directive is expected to be passed by the European Parliament before summer 2015 and for local laws to be passed in the following year or two, many organisations are already planning to exploit the opportunities it creates.
The aim of the Directive is to harmonise the protection of trade secrets, across the 28 Member States of the EU. But why? The reason lies in the preamble to the Directive: the EC is concerned to ensure the smooth functioning of a single European market and as part of the ‘EU 2020 Strategy’ obligated itself to create an innovation friendly environment for business.
Legislators are increasingly recognising that innovation is critical to the economies of industrialised nations. Intangible assets like trade secrets and confidential information have grown to account for approximately 80 percent of the market value of publicly traded shares, and companies of all sizes depend on them for continued competitive advantage. In a world where the US has had trade secret protection laws for several years, but only around two-thirds of EU states have similar legislation, the disadvantage to business in the European market is clear.
The Directive will harmonise laws across the EU in three main areas: (i) the definition of what is a ‘trade secret’, and the ways in which they will be protected throughout Europe; (ii) the remedies available to trade secret holders when they suffer a theft or unauthorised use; and (iii) measures the Court can use to prevent trade secrets leaking during legal proceedings.
At the moment, there is an inconsistent level of protection of sensitive data across the EU Member States. Even in countries where there is existing legislation, there may still be no statutory definition of what a trade secret is. Instead, definitions have mostly evolved through judicial interpretation of more general laws. This is true to an even greater extent in countries with common law legal systems, such as the UK.
To complicate things further, some countries such as France, the UK and Germany currently have more than one definition of a trade secret, depending on whether the information is disclosed in the context of the employment relationship or not. This is clearly unhelpful for innovation in international businesses.
When the Directive is implemented, businesses will have certainty for the first time that their sensitive or confidential information can be protected throughout Europe – as long as they make sure they keep it within the following definition: (i) ‘secret’ in the sense that it is not generally known by, or readily accessible to, people in the wider community who normally deal with that kind of information. This applies not only to single pieces of information, but crucially to collections of information. This ensures that manuals, processes and recipes can all be protected, as long their precise configuration is not generally known outside the business or its contractual supply chain. It also means that it will become easier to enforce confidentiality over CRM data and software features and functionality across Europe; and (ii) it has commercial value, not necessarily an intrinsic financial value, because it is ‘secret’; and (iii) it has been subject to reasonable steps to keep it ‘secret’ by those who lawfully hold the information.
The means that as long as your supply chain, licencees, franchise holders and other business partners are required to observe your security requirements for the information, then it remains ‘secret’ and protectable.
This definition corresponds closely to the existing definitions in some EU Member States such as Denmark, Spain and Italy. Elsewhere, such as in the UK, Germany, Poland and Hungary, however, the requirement for a trade secret to have commercial value will narrow the existing definitions of confidential information. This raises an important question for Member States: whether implementation of the Directive should come in addition to, or instead of, their existing laws.
In practice, it seems most likely that the implementation of the Directive will alter the practice of local courts so that the Directive protections are effectively extended to cover other types of confidential information. It would be unexpectedly perverse if litigation adopted the procedural measures set out in the Directive, only for those protections to fall away if the information in question was found to fall outside the Directive definition of ‘trade secret’ during the litigation.
As an added bonus, the Directive’s approach is very similar to that of the US Uniform Trade Secrets Act, which defines a ‘trade secret’ as being that which: (i) derives independent actual or potential economic value from not being generally known to, or readily ascertainable by, other persons who can obtain economic value from its disclosure or use; and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. This similarity should further promote the confidence of transatlantic businesses to expand their operations in Europe.
One similarity that the EU will not share with the US, however, is criminalisation of trade secret misuse. Although some states, such as Germany, France and Finland, already have varying degrees of criminal sanctions in this area, the EU will not compel or encourage other member states to follow suit.
An additional consequence of keeping any type of commercial information ‘secret’ in this way, particularly the ability to maintain legal ‘secrecy’ by a series of contractual measures with third parties, is that the information can become commercially exploitable in its own right. Some businesses are already exploring new charging structures based on their new ability to classify specific sets of data as ‘trade secrets’. There is clear potential for the exploitation of previously private processes, recipes or datasets in similar ways or through licencing or franchising.
Having ensured that they have implemented measures which satisfy the legal test of “reasonable steps… to keep it secret”, businesses will have a range of solutions available to them if valuable information does walk out the door with employees, contractors, LLP members, business partners or ex-franchisees.
If a trade secret is used, copied or disclosed without permission by someone who has acquired it unlawfully, has broken a contract that limits its use (such as a licence or franchise agreement) or has breached a confidentiality agreement or NDA, then the remedies include: (i) injunctions to prevent further use or disclosure of the information; (ii) court orders prohibiting infringing goods from being produced, marketed, sold, stored, imported or exported; (iii) seizure or delivery up of infringing goods (including imported goods) to stop them being circulated in the market; (iv) delivery up of electronic information, even where it is part of a larger file or materials; (v) court orders compelling product recalls; (vi) orders requiring alteration to the products, so that infringing characteristics are removed – this includes software and electronic data, such as customer databases; (vii) destruction of infringing goods; and (viii) publication of judgments in appropriate cases.
Use in this context also includes using the information to ‘significantly benefit’ the design, functioning or processes used in other products. Generally speaking, businesses will have up to six years to take action, although when an injunction is needed then action will obviously still be needed as soon as possible.
Through increased use of confidentiality agreements and updated commercial agreements, business will be able to begin to show they are taking ‘reasonable steps’ to keep information secret and open the door to new revenue and product lines. But documentation alone is not the whole answer. It needs to be accompanied by a series of practical measures, implemented in an integrated way through the collaboration of stakeholders such as the HR, Legal, Compliance and IP groups.
The Directive undoubtedly creates new protections and opportunities. Apart from increasing the range of protective steps available across Europe and increased business certainty, both the exploitation of new product lines and increased leverage from existing products are now definitely possible.
The key to ensuring your organisation can take advantage of these possibilities will lie in satisfying the two core elements of the ‘trade secrets’ definition: that it stays ‘secret’ as described above and is subject to reasonable steps to keep it ‘secret’ throughout the supply chain.
In preparation for the new legal framework, it is now a good time to start to introduce measures to show that ‘reasonable steps’ are in place to protect manuals, processes, formulas, recipes, software and CRM data at all levels. Security arrangements should be reviewed and updated to ensure that effective and consistent measures are implemented all the way from employees, contractors and freelancers through to suppliers and franchisees. Measures should range from making sure that documents are appropriately marked as ‘confidential’ to pre-employment vetting of R&D staff and physical and electronic segregation of the information you need to protect. Alongside this, contractual confidentiality and security obligations also need to be updated and applied consistently across business units and jurisdictions.
Getting these steps right should ensure that your business is well set to take advantage of the new international legal framework with additional confidence.
Warren Wayne is a partner at Bird & Bird LLP. He can be contacted on +44 (0)207 905 6230 or by email: firstname.lastname@example.org.
© Financier Worldwide
Bird & Bird LLP