[BreachExchange] Protecting Trade Secrets in Europe – An Update

Inga Goddijn inga at riskbasedsecurity.com
Mon Apr 16 16:44:56 EDT 2018


http://www.ipwatchdog.com/2018/04/15/protecting-trade-secrets-in-europe-update/id=95794/

Negotiating the trade secret protection landscape in Europe can be a
complicated business. Each country has its own rules on what can be
protected, how it’s protected and the remedies available. Rules on
maintaining secrecy during court proceedings also differ between
jurisdictions. All this is (theoretically) set to change on June 9 when the
deadline for EU Member States to implement the EU’s new Trade Secrets
Directive expires.
*What will change? *

The Directive defines what can be protected as a trade secret and the
activities which amount to its unlawful acquisition, use or disclosure. It
also provides a uniform set of civil law remedies and requires Member
States to provide procedures to protect trade secrets during the litigation
process.

Some jurisdictions are going to be more affected than others by these new
rules. Belgium, in particular, will need to make some significant changes
to the protection it currently offers while Denmark, Italy, Spain and the
UK already offer the majority of the protections required by the Directive.
However, even in the less affected jurisdictions, the Directive will result
in some changes to the national law. Important changes introduced by the
Directive include:

   - The Directive will provide a right to take action against third
   parties who acquire a trade secret from another where they ought to have
   known under the circumstances that it had been unlawfully used or
   disclosed. This will strengthen the protection currently available in
   Germany, Italy, France, the Netherlands, Spain, Belgium, Denmark, and
   Poland. This increased protection could help clamp down on the market for
   stolen trade secrets (e.g. those obtained through cyber-attacks) by
   increasing the likelihood that a downstream recipient would also be found
   liable, despite their lack of actual knowledge that the information was
   stolen.
   - The Directive will also strengthen the protection available in
   relation to goods whose design, functioning, production or marketing
   significantly benefit from a trade secret. This will be of benefit to those
   seeking to enforce trade secret protection against parties who deal in such
   goods, especially in cases where goods are imported into the EU, having
   been manufactured in jurisdictions with less stringent trade secret
   protection.
   - The Directive provides protection for trade secrets during the course
   of litigation. This will improve the protections available in a number of
   jurisdictions including France, the Netherlands, Spain, Belgium, Poland,
   and Finland. In particular, the Directive allows confidentiality clubs,
   private hearings and the redaction of judgments. This will give trade
   secret owners more confidence to bring enforcement actions by removing the
   risk that the proceedings themselves could result in disclosure of their
   trade secret(s).
   - The Directive provides that interim and preliminary measures to
   protect trade secrets should be available in all jurisdictions. Such
   measures include interim prohibitions on the use or disclosure of a trade
   secret and preliminary injunctions and seizures relating to goods which
   significantly benefit from a trade secret. This will improve the range of
   interim remedies available in France, Belgium and Finland and provide
   greater legal certainty in other jurisdictions, where the status of some
   interim remedies has been somewhat unclear.

*What’s the current state of play? *

With the June 9 deadline for national implementation fast approaching, we
surveyed colleagues in our other European offices to check the state of
play in their jurisdiction. The picture which emerged was mixed.

Much progress has been made towards national implementation of the
Directive in the UK, Italy, France, The Netherlands, Denmark, Sweden, and
Hungary. Implementation in these jurisdictions is expected on or around the
June 9 deadline. Work is also underway in Poland and Finland, but it’s
possible that implementation could slip a few months past the deadline.
Slightly further behind are Spain, Belgium, and the Czech Republic. Germany
is currently lagging behind as the recent political deadlock surrounding
the formation of the new government has delayed the legislative agenda,
although a draft bill has been promised for the first half of 2018.

Approaches to implementation also vary significantly. The Netherlands,
Denmark, Hungary, and Finland are planning new legislation which will
replicate much of the wording of the Directive. Other jurisdictions such as
the UK, Italy, Poland and the Czech Republic are planning to enact only
those changes required to bring their existing law on trade secret
protection in line with the Directive.

The Directive only mandates a minimum level of protection which each
jurisdiction must provide and some jurisdictions are also using the
opportunity to introduce additional trade secret protections. Italy is
planning to include new criminal sanctions, with increased penalties where
the unlawful acquisition of a trade secret includes the use of “IT
instruments”, with the aim of dissuading the use of hacking to obtain trade
secrets. Finland is also planning to use its new legislation as an
opportunity to define the circumstances in which third parties such as a
company’s directors, employees, auditors and parties to a confidential
business relationship will have a secrecy obligation.
*Best practice*

Once fully implemented the Directive will improve trade secret protection
in Europe but there are a number of steps which businesses can take now to
benefit from this enhanced protection. These include:

   - Familiarizing themselves with the definition of what can be protected
   as a trade secret under the Directive.
   - To qualify as a trade secret under the Directive information must have
   been “*subject to reasonable steps … to keep it secret*“. Companies
   should, therefore, take steps to identify the categories of information
   they want to protect as a trade secret and ensure they would be able to
   document the steps taken to keep it secret.
   - Often the key to protecting trade secrets is moving quickly once an
   information security breach has been identified. Companies should put in
   place (and regularly review) incident response plans to define
   responsibilities and lines of communication along with internal and
   external legal and technical support which can be called upon. Being
   prepared to take action quickly will help companies best leverage the
   benefit from the potential interim remedies provided by the Directive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180416/cfcb8f63/attachment.html>


More information about the BreachExchange mailing list