The new German Trade Secrets Act reforms the way confidential know-how and business information is protected in the country.
Data theft and data leakage represent a serious threat not only for personal data; in our time these are a major security risk in case of trade secrets as well. News and studies regularly remind us of the extent and effects of industrial espionage and competitive spying. The Trade Secrets Act (Gesetz zum Schutz von Geschäftsgeheimnissen) is an important piece of legislation, that is about to transform the protection and enforcement of trade and business secrets in Germany.
After several months of delay, on 21 March 2019, the German parliament adopted the Federal Government’s draft Trade Secrets Act, which should be enforced over the course of this year. This act implements European Union Directive 2016/943 on the protection of undisclosed know-how (such as construction drawings, manufacturing methods, ingredients and recipes) and business information (like customer data, market studies and purchasing prices) into national German law with the aim of protecting trade secrets from unlawful acquisition, use and disclosure.
Harmonizing rules on trade secret
So far, the protection of confidential know-how and business information had solely fragmentarily been regulated by several German laws, including specific ones like the Act on Copyright and Related Tights (Urheberrechtsgesetz) and Patent Law (Patentgesetz) and less specific ones like the Law against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb) as well as paragraphs of the Civil Code (Bürgerlichen Gesetzbuches).
The new law is foreseen to harmonize the various existing national rules. Furthermore, as directives are legislative acts with goals that all EU countries must achieve, it is expected that the German Trade Secrets Act creates a foundation for the protection of trade secrets across the EU. According to the law, comprehensible protection against unlawful acquisition, use and disclosure can be achieved as “access to trade secrets and their exploitation can be of significant economic value”.
A legal definition for trade secrets
One of the most significant innovations the German law brings is the legal definition of a trade secret. The qualification of any information as “trade secret” doesn’t depend only on the owner’s subjective intention or an objective need for secrecy; it is additionally determined by objective means of protection. According to the law, trade secrets refer to information:
- which is not generally known or readily accessible, either in its entirety or in the precise arrangement and composition of its components, to the persons in the circles who normally deal with this type of information and is therefore of economic value,
- which is subject to appropriate confidentiality measures by its lawful holder under the circumstances, and
- in whose confidentiality the holder has a legitimate interest.
New measures for businesses
The new law states that unprotected information cannot be considered a secret thus owners of a trade secret have to apply “appropriate” measures to ensure non-disclosure. Furthermore, they have to be able to demonstrate that such specific measures have been in place in order to claim protection under the Trade Secrets Act.
Businesses will need to identify information that can be considered a trade secret and take preventive measures to safeguard it. These measures must be implemented on both a technical and an organizational level and they must be suitable to ensure internal and external data breach prevention. The Trade Secrets Act does not define specific measures; just like in case of the GDPR, the spectrum should include confidentiality clauses, monitoring access to information, firewalls, encryption, etc.
If a data breach occurs despite appropriate privacy measures, the owner of a trade secret may assert claims against the infringer. The means of redress in case of infringement under Trade Secrets Act include the cessation of or the prohibition of the use or disclosure of the trade secret. In addition, it is possible the recallment and destruction of the infringing goods, damages, pecuniary compensation, and claims to information.
Conclusion
Although the new law is not enforced yet, companies doing business in Germany should be aware of its opportunities and requirements and start preparing to comply with it for their own interest. GDPR can serve as a starting point in the implementation of the required security steps, including the identification of trade secrets, updating best practices to ensure continued protection as well as implementing technical and organizational data protection measures.
Download our free ebook on
GDPR compliance
A comprehensive guide for all businesses on how to ensure GDPR compliance and how Endpoint Protector DLP can help in the process.