Time to start preparing for the Trade Secrets DirectivePrint publication
Directive (EU) 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (the Trade Secrets Directive or the Directive) was adopted earlier this year and must be implemented into the national law of Member States by 9 June 2018. Businesses should start preparing for the Directive now as steps taken now may affect the level of protection available when the Directive’s provisions become law.
The purpose of the Directive
At present, the protection afforded to trade secrets across the EU varies significantly from state to state. The UK common law provides considerable protection to trade secrets; this is not the case in all Member States. The Directive’s objective is to introduce a minimum harmonised level of protection across the EU. In particular, the Directive:
- provides a definition of “trade secret”
- harmonises the remedies available to the holders of trade secrets after unauthorised use or theft
- harmonises the measures available in litigation to prevent the leak of trade secrets during proceedings.
What is a trade secret?
Key to the Directive is the definition of “trade secret”. The Directive defines a trade secret as information that meets each of the following three requirements:
- it is secret, i.e. it is not generally known among, or readily accessible to, persons within circles that normally deal with this kind of information
- it has commercial value because it is secret
- it has been subject to reasonable steps under the circumstances to keep it secret.
This would include both technical information (e.g. recipes, processes) and commercial information (e.g. customer lists).
This may be compared with the position under English common law, established in the leading case of Coco v AN Clark (Engineers) Ltd:
- Does the information have the “necessary quality of confidence”?
- Was the information subject to an obligation of confidence?
- Has the information been misused by the recipient?
An issue that arises out of this definition of “trade secret” and which will probably require further clarification from the European Court is how “commercial value” is to be determined. Clearly, this will vary from case to case. The preamble to the Directive states that information has commercial value where its unauthorised “acquisition, use or disclosure is likely to harm the interests of the person lawfully controlling it, in that it undermines his or her scientific and technical potential, business or financial interests, strategic position or ability to compete”.
A second issue is what will constitute the taking of “reasonable steps”? Clearly, the more steps that are taken and the more stringently they are applied, the more likely it is that they will be considered to amount to “reasonable steps” – although the burden will obviously be greater as well.
Businesses should consider what steps they can take to safeguard trade secrets throughout their supply chain. For example, restricting physical or technological access to information or introducing new labelling. Businesses should ensure that all undertakings operating in the supply chain are obliged to ensure that the information or material in question is kept secret, and that they do so. Getting the contractual documentation right and auditing suppliers’ procedures and processes will be more important than ever.
The unlawful acquisition, use or disclosure of trade secrets without the consent of the holder will be “infringement” where the conduct in question is contrary to “honest commercial practices”. What constitutes an “honest commercial practice” will not always be capable of objective assessment (and may depend on the governing law of the dispute) but it is hard to argue that a knowing breach of a non-disclosure agreement (NDA) would not fall within that category – so asking recipients of confidential information to sign an NDA before disclosure is, as it is now, unquestionably best practice.
The acquisition of a trade secret will be considered to be lawful when it is obtained by any of:
- independent discovery or creation
- reverse engineering
- use of information for trade union activities
- any other practice which, under the circumstances, is in conformity with “honest commercial practices”.
Member States are required also to recognise certain exceptions to infringements and lawful acts. Exceptions include use of a trade secret for whistle-blowing.
A major omission from the Directive concerns employees. A significant proportion of unauthorised disclosure of trade secrets is done by employees, whether maliciously, negligently or post-termination, perhaps when they go and work for a competitor. The Directive has little to say on this. It does, however, recognise the legitimacy of the current UK practice of asking employees to sign non-compete covenants. The Directive makes clear that the definition of “trade secret” does not extend to experience and skills gained by employees in the course of their employment – which reflects the existing common law position. Employers should therefore continue to ensure that employees sign up to effective confidentiality and post-termination provisions in their contract of employment, that steps are taken to preserve the integrity of IT systems and that access to confidential information and access to trade secrets is restricted to just those employees who need it.
As well as awards of damages, the Directive’s remedies for the unlawful use, copying or disclosure of a trade secret include:
- injunctions to prevent further use or disclosure
- court orders prohibiting infringing goods from being produced, marketed, sold, stored, imported or exported
- seizure and destruction of goods
- product recalls.
The Directive contains provisions to safeguard confidential information during legal proceedings though it does insist on the presentation of a “duly reasoned” application – it does not apply automatically. What this means in practice may again vary from state to state.
What about Brexit?
The UK will almost certainly still form part of the EU when the deadline for implementation of the Directive comes round in June 2018. However, the UK representatives negotiating Brexit may decide that it is pointless implementing the Directive given that the UK might well have left the EU just a few months later and therefore decide not to bother. There would be some justification for this as the UK, unlike some other EU Member States, already has the benefit of an effective legal regime for protecting trade secrets and the Directive does not greatly add to this. The government may decide simply to “cherry-pick” aspects of the Directive that it considers useful and implement those bits. Nonetheless, it is probably safest for now – particularly given the uncertainty surrounding when Article 50 will be triggered – to work on the assumption that the Directive will be implemented into our national law.
- Audit supply chains for potential weak spots. Review contractual documentation and remind business partners of their obligation to preserve trade secrets.
- Review contracts of employment, consultancy agreements, etc. to ensure effective confidentiality and post termination provisions.
- Consider whether it is possible to restrict further than is currently the case the number of people who have access to trade secrets.
- Can more be done to mark confidential information as such? And keep it separate, physically and technologically from other information?
- Conduct a review of the integrity of IT systems. In this connection, see our recent article on cybersecurity, which is now, or should be, a board level issue.
  FSR 415