EU DEVELOPMENTS:
THE TRADE SECRETS DIRECTIVE AND
THE GENERAL DATA PROTECTION REGULATION
Presented by: Robert Lands, Head of IP and Commercial, Howard
Kennedy
www.howardkennedy.com
www.howardkennedy.com
Trade Secrets
• Protection of trade secrets under English law
• The new European Directive
• Practical steps to improve your position
www.howardkennedy.com
Trade Secrets in the UK
• No specific legislation
• No formal definition
• Not considered to be intellectual property
• BUT yet…
www.howardkennedy.com
Trade Secrets in the UK
• Trade Secrets / Know-How protected as confidential information
• “Know-How” defined in competition law
• Confidentiality- Contractual or equitable claim
• Two tracks of case law in commercial and employment cases
www.howardkennedy.com
Coco v AN Clark (Engineers) Ltd [1969]
Three step test:
• information must be confidential in quality and nature;
• it must be imparted so as to import an obligation of confidence; and
• there must be an unauthorised use of that information resulting in the detriment of the party communicating it.
www.howardkennedy.com
Proposed EU Directive
Directive of the European Parliament and of the Council on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure.
www.howardkennedy.com
Proposed EU Directive
• Why?
www.howardkennedy.com
Trade Secrets in Europe Today
Austria, Bulgaria, the Czech Republic, Estonia, Germany, Finland, Greece,
Hungary, Italy, Latvia, Lithuania, Poland, Portugal, Romania, Slovakia,
Slovenia, Spain, and Sweden
Belgium, France, Ireland, Luxembourg, Malta, the Netherlands and the UK
TRADE SECRET LEGISLATION NO TRADE SECRET LEGISLATION
www.howardkennedy.com
Proposed EU Directive
• Why?
• Key features
www.howardkennedy.com
Proposed EU DirectiveKey FeaturesDefinition of Trade Secret:
Information which:(a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;(b) has commercial value because it is secret;(c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.
www.howardkennedy.com
Proposed EU Directive
• Acquiring TS intentionally or with gross negligence by unauthorised access or copying of documents/materials containing TS (or from which they could be deduced), or obtaining these by theft, bribery, deception… or any other conduct contrary to honest commercial practices.
• Use or disclose an unlawfully acquired TS in breach of an NDA or duty of secrecy; or in breach of a contractual or any other duty to limit the use of the TS.
Key Features
Unlawful Acts:
www.howardkennedy.com
Proposed EU Directive
• Use or disclose the TS if the person disclosing knew, or should have known, that it was obtained from a third party that was using or disclosing the TS unlawfully.
• Consciously or deliberately produce, put on the market or import, export or store infringing goods (those whose design, quality, manufacturing process or marketing significantly benefits from TS unlawfully acquired, used or disclosed).
Key Features
Unlawful Acts:
www.howardkennedy.com
Proposed EU Directive
• The acquisition of trade secrets shall be considered lawfulwhen obtained by any of the following means:– independent discovery or creation;– (b) observation, study, disassembly or test of a product or object that
has been made available to the public or that it is lawfully in the possession of the acquirer of the information;
– (c) exercise of the right of workers representatives to information and consultation in accordance with Union and national law and/or practices;
– (d) any other practice which, under the circumstances, is in conformity with honest commercial practices
Key Features
LAWFUL Acts:
www.howardkennedy.com
Proposed EU DirectiveKey Features• No new IP right• No new criminal offences• A minimum standard of protection:
– Member States must allow trade secret holders to apply to their national courts to remedy unlawful use or acquisition of their trade secrets
– remedies must be "fair, equitable, economical and effective".
• Limitation period = 3 years• Special rules for litigation
www.howardkennedy.com
Proposed EU Directive
• Why?
• Key features
• June 2015 amendments
www.howardkennedy.com
NOT unlawful:
• to make legitimate use of the right to freedom of expression;
• to reveal misconduct or illegal activity, provided that the respondent acted in the public interest (EG public safety, consumer protection, public health or environmental protection);
• to protect “a legitimate interest recognized by national law”.
ALSO:
• Law does not affect the disclosure of business-related information by the EU institutions and national public authorities (IE FOI)
Safeguards for Freedoms
www.howardkennedy.com
• Directive does not affect the use of information, knowledge, experience and skills honestly acquired by employees in the normal course of their previous employment.
Safeguards for Employees
www.howardkennedy.com
Proposed EU Directive
• Why?
• Key features
• June 2015 amendments
• Next steps
– First reading/single reading: 24 Nov 2015
www.howardkennedy.com
Practical Tips
• Don’t tell anyone!
• But if you have to:
– Mark confidential documents as confidential.
– Use legally binding NDAs!
– Don’t over-reach
– Create a duty of confidence
– Plant seeds
• Keep an eye on the EU.
www.howardkennedy.com
The EU General
Data Protection Regulation
www.howardkennedy.com
Data Protection: Where are we now?
1. The Data Protection Act 1998 (“DPA”) from 1995 EU Directive
2. The Privacy & Electronic Communications Regulations 2003 (“PECR”)
3. The EU General Regulation on Data Protection (2015-ish)
www.howardkennedy.com
Data covered by the DPA
• Wide definition – “Personal Data" means data which relate to an
identifiable living individual
• Manual data– If stored in a relevant filing system
• “Sensitive Personal Data”– Racial/ethnic origin; political opinions; religious
beliefs; membership of TU; health; sex life; criminal offences
www.howardkennedy.com
Key Features of the DPA• Rights for Data Subjects (EG Subject access)• Requirement for Data Controllers to register with ICO
(“Notification”)• 8 Principles of Data Protection
Personal Data must be:– Fairly and lawfully processed – Processed for limited purposes – Adequate, relevant and not excessive – Accurate – Not kept for longer than is necessary – Processed in line with individuals' rights – Secure – Not transferred to countries without adequate protection
• Conditions for processing
www.howardkennedy.com
Conditions for Processing
• SCHEDULE 2 CONDITIONSEG:
– Consent
– processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
www.howardkennedy.com
Conditions for Processing
• SCHEDULE 3 CONDITIONS(When dealing with SENSITIVE PERSONAL DATA)
EG
– Explicit consent
– Processing is necessary to protect the vital interests of the data subject or another person
www.howardkennedy.com
Common Failings• Breach of 1st Principle (fairly and lawfully processed). Fair
processing notice should give-– Identity of data controller
– Purpose(s) for which data processed
– Any further info to make processing fair having regard to circumstances
• Breach of 3rd Principle (“adequate, relevant and not excessive”).
• Breach of the 7th Principle (adequate security).
• Failure to comply with the conditions of processing.
www.howardkennedy.com
Privacy & E-Coms Regs
• Anti-spam law
• Soft-opt in for customers
• Cookie rules
www.howardkennedy.com
Scary Consequences
• Complaint to ICO– Enforcement Notice
– Fine – up to £500,000 (currently)
• Law Suit – Damage and distress.
• Criminal Prosecution
www.howardkennedy.com
EU General Data Protection Regulation
• Proposed by EU Commission Jan 2012
• Modernising and harmonising
• 4,000 proposed amendments by EU Parl.
• 24th June 2015 – Trilogue begins
• Planned adoption – End 2015
• Entry into force 2017(Or thereabouts)
www.howardkennedy.com
Key changes in the GDPR
• Fines of up to EUR100 million or up to 5% of annual worldwide turnover, whichever is greater.
• Processors and Non-EU based Data Controllers caught by rules.
• Changes to definitions of personal data etc.
• Limits on profiling
• Privacy impact assessments
• Transparency – detailed notices
www.howardkennedy.com
Transparency
– Proposed Icons
www.howardkennedy.com
Key changes in the GDPR• Consent - Freely given, specific, informed and explicit, and
demonstrated either by a statement or affirmative action.
• Enhanced subject access
• New right to be forgotten/ erasure
• New right to data portability
• Mandatory Data Protection Officers
• Data security breach notification
• Documentation instead of notification
www.howardkennedy.com
Be Afraid Prepared
• GDPR is the biggest change in 20 years
• “Accountability” is the theme
• Preparedness is the best response:
– Develop breach notification protocol
– Consider policies/systems for new rights
– Check contracts with IT suppliers
– Keep an eye on EU developments
Questions?
Comments?
Abuse?
Robert Lands
Head of IP and Commercial
Howard Kennedy LLP
1 London Bridge
London
SE1 9BG