With the German Act on the Protection of Trade Secrets (GeschGehG), which came into force on 26 April 2019, the EU Directive on the Protection of Secrets was implemented and serves to better protect confidential know-how and trade secrets from illegal acquisition, use and disclosure. This means that the marginal regulations concerning the protection of secrets and know-how in Sections 17 to 19 of the German Unfair Competition Act (UWG) have been repealed by the EU Directive. This special protection is also accompanied by an obligation for companies to take appropriate measures.
It is then necessary to analyze what is meant by a trade secret.
I. Definition of a trade secret
Until now, the concept of a trade secret was not legally defined in German law. A legal definition of a trade secret can now be found under § 2 No. 1 GeschGehG. According to this, any information is a trade secret if it is secret and thus of economic value, if it is subject to circumstances that require appropriate secrecy measures and if there is a legitimate interest in keeping it secret. Information is protected in the broadest sense: both business information, such as customer and supplier lists, business plans or advertising strategies, and know-how, such as prototypes, algorithms or construction plans.
1. conditions for adequacy: appropriate confidentiality measures
Another new feature is the requirement of “appropriate secrecy measures”, whereby the appropriateness must be based on the value and nature of the secret and the size of the company. It always depends on the individual case. It is no longer sufficient to have a mere will to maintain secrecy. In the absence of such secrecy measures, the scope of application of the law does not even open up.
It must also be emphasized in internal operations that without concrete measures no protection can be granted and that Non-Disclosure Agreements (NDAs) or encryptions considered secret information can no longer be considered a trade secret according to Section 2 No. 1 GeschGehG. Admittedly, the appropriateness depends on many different factors, and concrete criteria have not yet been established by case law. However, this is an objective element of the offence — the burden of proof and demonstration has to be borne by the owner of the secret.
2. practical aids for everyday work
There is no clear or consistent answer for the implementation of effective protection measures. However, companies can do a lot to protect themselves.
Classification of information
First of all, it must be investigated from which places or persons a danger is assumed. A list of risks is the first step to take measures.
Consequently, it is inevitable that companies mark their information or secrets confidentially and, if necessary, classify them according to their need for protection. Trade secrets can be divided into three categories:
First class:
The existence of the company could be threatened if the classified information becomes known.
Second class:
Disclosure of the information could cause permanent economic damage to the company.
Third class:
The company could suffer temporary economic damage if the information is no longer classified.
Which information belongs in which classification always depends on the company. However, the same principle applies to all companies: The more important the secrecy of the respective information is, the more concrete and extensive the measures have to be in order to be able to prove the appropriateness in court.
How should the entrepreneur protect himself: IT security
Technical protection measures include appropriate access and use restrictions through password and virus protection. It is important to use strong and secure passwords to protect electronic documents. These passwords should also be renewed at regular intervals. Electronic data and electronic messages containing secret information can also be protected and sent using encryption. Access restrictions based on the “need-to-know” principle can also be useful. According to this principle, employees can only access such secret information if it is necessary for the performance of their tasks. Under certain circumstances it may also be recommended to block access to certain computer or Internet functions. USB ports can not only make it easier to quickly copy information, but also allow viruses or Trojans to enter. Therefore, some USB ports should be blocked in an emergency. Without a well-developed IT protection system, many companies run the risk of leaking sensitive information to third parties.
How should the entrepreneur protect himself: Organisational measures
Undertakings should also define responsibilities and access restrictions for business secrets in physical form. For example, binders or prototypes should be secured in well-protected departments or vaults. Protected areas should be protected from external visitors and persons. Possible staff training could also be an effective and appropriate protection measure.
What should the entrepreneur pay particular attention to: Legal protective measures
One of the most sensible measures is to adapt contracts to protect trade secrets. Employment contracts should stipulate in advance that employees with access to confidential information are obliged to protect it and not to disclose it. Such non-disclosure obligations with employees are important for future evidence. In addition, such obligations ensure that the marked trade secrets are not illegally used or disclosed by the employee, even after termination of the employment relationship. It should be noted that the limit of the post-contractual prohibition of competition is not exceeded (§ 74 et seq. HGB). This is only effective under certain circumstances. Which type or class of information is considered a trade secret should also be clearly marked in the contract in order to avoid future misunderstandings. So-called “catch-all” clauses, according to which all known secrets are covered, are not sufficient and therefore ineffective.
Without detailed non-disclosure agreements (contractual obligation of secrecy) with business partners, the information is no longer considered a trade secret.
It is questionable whether claims exist if the old contractual partner uses or discloses the contractual know-how after the end of the contract. It could be that the contractual partner could still be liable to prosecution even after the end of the contract if he uses or discloses information that he has obtained with authority, e.g. through the contract. The use or disclosure of the information does not become immediately permissible through authorised acquisition of secrets and may constitute a breach of contract if a post-contractual obligation of secrecy has been agreed which obliges him not to disclose the secret (cf. § 4 para. 2 no. 3 GeschGehG). This is because although the acquisition of the secret was made with consent, its use and disclosure was contractually restricted and may constitute a breach of contractual protection and due diligence obligations. The owner of the trade secret will also have an interest in protecting his secret after the end of the contract in contracts with business partners.
Of course, the protective measures listed above are dependent on the individual case and are not exhaustive. Finally, the protective measures must be reviewed and adjusted at regular intervals. In a counselling interview it can be examined which measures offer the optimal solution for your company.
II. New regulations through the GeschGehG
Reverse engineering
Reverse engineering refers to the creation of a 1:1 copy of a product from another company. According to § 3 I No. 2 GeschGehG, the observation, investigation, dismantling or testing of a product or object is now permitted if the product has been made publicly available or is in the legal possession of the analyst. Thus, “reverse engineering” is now generally permitted — up to the limit of patent or design law. If the business owner wants to avoid this, he must contractually and explicitly exclude reverse engineering or regulate whether, to whom and to what extent they allow it.
Whistleblower protection according to § 5 No. 2 GeschGehG
From now on, whistleblowers may obtain, use or disclose trade secrets if they serve to reveal illegal activities or professional or other misconduct, if they are suitable to protect the general public interest.
Claims in case of infringement
Under the new law, owners of trade secrets have a number of civil law claims against infringers in the event of unlawful obtaining, use or disclosure. These claims include removal and omission (§6), destruction, surrender and recall (§7), right to information (§8) and compensation for damages in the event of negligent or intentional violation (§10).
Conclusion
In conclusion, companies should build up and implement concepts and protective measures designed for the operation from the outset, before confidential information is obtained and disclosed. Measures should be documented for verification purposes. Whether NDAs can grant the desired protection of secrets or what claims you can make against legal violations, Mr. Fürstenow is happy to discuss with you.
Attorney-at-law Sascha C. Fürstenow will be pleased to advise you on this matter and offers a free and non-binding initial assessment of your facts in advance.