by Laura Gastaldi and Micaela Jerusalmi
One year and a half after the implementation of EU Directive No. 934/2016 (the “Trade Secrets Directive”) in Italy, trade secrets are increasingly becoming one of the most valuable assets of companies’ businesses, and this trend is likely to increase.
Let’s see what to expect from the upcoming year in light of the most recent happenings.
1.The birth of new best practices
Starting from the enforcement of the TDS, all European countries require that in order for a trade secret to be granted protection it must be subject to reasonable protective measures to keep it secret (such requirement already applied in a few European countries such as Italy).
Therefore, it becomes crucial for owners of trade secrets to understand which measures may qualify as adequate safeguards, hence allowing legal protection. Italian courts tend to define adequate measures either as those which make it “not easy” for experts of an industry to obtain the trade secrets through an hypothetical process of reverse engineering (Court of Appeal of Turin, 19 May 2017), or as safeguards that need a non-irrelevant effort to be overcome (Court of Turin, 15 November 2018).
Per the substance of the above mentioned measures, these usually consist in: physical security and cyber security measures, systems to limit access to trade secrets inside the company using credentials and passwords in order to catalog and track both access to trade secrets and their use, entering into NDAs with third parties before disclosing trade secrets and, more generally, adopting an attitude of commitment to the protection of such information and to its circulation and disclosure.
In light of the wide range of protective measures and of the vagueness of the definitions provided by the case law as above, the assessment ends up being carried out on a case by case basis, so that often the measures actually adopted are deemed adequate according to the owner’s point of view, but not according to courts, and vice versa.
Hence, the need to identify broadly recognized standards on protective measures is of the utmost importance.
This need is even more crucial as the relevance of trade secrets increases while the digital revolution takes its course, and as algorithms, big data, AI, IOT, and other technologies evolve rapidly. Particular attention must be drawn to technologies based on the exploitation of large amount of information, which entails a great risk relating to the broad circulation of data and possibly trade secrets – which occurs for example when it comes to cloud-based platforms -.
We believe that in light of the above, trade secrets owners will strive to guarantee the protectability of their know-how both to themselves and to third parties.
In our view, this search for legal protection will bring spark the birth of new broadly recognized and endorsed best practices − eventually codified − on trade secrets’ management and protection, with a focus on the applicable safeguards. Among these, we expect to find the use of specific cybersecurity software, that will stand out thanks to its trustworthiness and reliability.
2.The need to search for balance between right to privacy and right to trade secrets protection
As mentioned above, the importance of data and information for the world’s economy is growing exponentially. Trade secrets sometimes consist of data sets that include personal data, and this determines consequences in terms of conflicting rights and applicable law.
As a matter of fact − as it is expressly provided for by Article 9, para 4 of the Trade Secrets Directive – such data must be processed in accordance with the applicable law on the protection of personal data (currently the GDPR). According to such legislation, the owner of the trade secrets should be qualified − at least in the majority of the cases − as the data controller, and therefore must guarantee the rights provided by GDPR to all data subjects involved in the data processing. The Trade Secrets Directive recalls the need to protect personal data in Recitals 34 and 35, stressing the importance of the data subject’s right to access his/her own data.
To the extent of what represents the major concern here, particular attention should be paid to the right of access and to the right to data portability since the exercise of both may conflict with the protection of trade secrets. The European legislator proved to be aware of this possible contrast and established a principle – in Recital 63 of the Trade Secrets Directive – providing that, when the right of access is granted through remote access to a system, this must be done without prejudice to the rights relating to the protection of business secrets.
With regard to the right to data portability (article 20 of the GDPR), the law provides for an explicit limit consisting in the violation of the rights and freedom of third parties. Among the latter, there is the trade secret owner’s right to obtain legal protection and to enforce its exclusive rights against third parties.
The more data gains importance in the global economy, the more it becomes urgent to search for balance between the above mentioned prerogatives, i.e. between the right to protect trade secrets and the data subjects’ rights, which are granted and protected under GDPR.
According to the literal interpretation of the above laws, it is possible to note a slight favor towards the rights of data subjects in case of conflict with the right to protect trade secrets. Such a result may be justified on the basis that the first one is an individual’s right linked to his/her inviolable right to life (and recognized as such in the Italian Constitution, primarily in Articles 2 and 3), while the second one relates to private property and the right of economic initiative, that are protected by the Italian Constitution as well, but when it comes to the context of balancing rights the latter could be considered of minor importance compared to the former.
In light of the foregoing, we expect that a certain number of disputes will arise and that the courts in Italy and in the rest of Europe will be in charge of balancing the right to privacy with the right to protection of trade secrets. We expect that the assessment will be carried out by means of a case-by-case approach, whereby the right to privacy is likely to prevail.
3.The need to adopt appropriate measures to remedy the consequences arising from the illegal use and disclosure of competitors’ trade secrets by employees
As far as the domestic scenario is concerned, companies are acquiring awareness about the importance and value of trade secrets and now recognize that they represent an increasingly strategic asset for their businesses. In fact, trade secrets are capable of conferring the owner a significant competitive edge on the market, due to their commercial and economic value.
What companies may not yet be aware of is that they could be held liable in case of illegal use and acquisition of competitors’ trade secrets by their employees.
Indeed, over the last year, Italian case-law experienced this new principle set out by the Court of Milan with a decision issued in September 2019 that has put an end to a complex dispute about the violation of trade secrets by former employees between one of the world leading recruitment and selection companies and a competitor (Court of Milan, Specialized IP Court division, decision No. 8249/2019, 17 September 2019).
With said decision, the Court ascertained the liability of the recruitment company’s former employees – then employed by the competitor – for having received confidential information such as customer names, CVs and other confidential data by e-mail from a resigning employee, then hired by the competitor. Nonetheless, what is most interesting is that, in addition to the personal liability of the employees for the acquisition and disclosure of confidential information under Articles 98 and 99 of the Industrial Property Code, the Court also held the competitor liable for its employees’ conduct due to strict liability pursuant to Article 2049 of the Civil Code (i.e. strict liability of the employer for the acts of its employee in the exercise of the assigned duties) and condemned it to compensation for damages in favor of the plaintiff.
Notably, this liability applies despite any abusive or fraudulent intent of the company and any evidence of the commercial edge gained.
This is one of the very first cases where the principle of the strict liability of the employer is applied to the acquisition of other companies’ trade secrets by its employee with a decision likely to become a benchmark in Italian case law.
In light of the foregoing, companies shall consider how to react to avoid or mitigate liability in similar cases and identify the most effective steps to be taken to prevent similar situations. This will increase the level of attention of the companies in managing trade secrets, leading them not only to adopt protection measures against third parties’ abuse for the reasons set out above, but also to implement or strengthen policy and protective steps to prevent the unlawful acquisition, use or disclosure of competitors’ trade secrets by their employees.
It is likely that throughout 2020 Italian case law will embrace the precedent set forth by the Court of Milan and , consequently, companies will encourage their employees to raise awareness with reference to both the confidential nature of certain information as a fundamental economic asset for the company and the possible consequences arising from trade secrets’ misuse and disclosure.
If you wish to discuss the topic further, please feel free to contact us at laura.gastaldi@dlapiper.com and micaela.jerusalmi@dlapiper.com