fingolex

Questions and answers regarding legal trade secret protection

Back to the blog post...

What happens if no concrete agreements have been made with employees?

Employees are generally obliged not to harm their employer; this is an implicit ancillary obligation under their employment contract (contractual duty of good faith). However, this duty is blurry and its scope is not well defined. Worse still, not giving instructions misses a clear instruction regarding the desired behaviour. Thus, trade secrets are endangered both practically (lack of instruction) and legally (by uncertainty as to whether a certain action is really prohibited). For this reason, it is important to include appropriate provisions in employment contracts and to include them anew or corrected if necessary.

What are the exceptions to legal trade secret protection?

The law provides for certain acts as generally permitted (in § 3 GeschGehG, German Law on Trade Secret Protection):

The law also permits certain otherwise prohibited actions (§ 5 GeschGehG) by way of exception in the case of (legally) justified interest:

However, everyone intending to rely on such exceptions should exercise caution as they are regularly interpreted narrowly. The above description is aimed at general comprehensibility and not at legal precision—it may therefore deviate from the applicable law in certain subtleties—in case of doubt (at least) read the law, because (only) this is applicable.

Under which circumstances is reverse engineering permitted? What was the reasoning for these rules?

In the earlier legal situation in Germany, the dismantling of products for the purpose of extracting trade secrets was largely prohibited and punishable under the Law against Unfair Competition (Gesetz gegen unlauteren Wettbewerb, UWG) (a key decision was the "Stiefeleisenpresse" decision, the name of which already reveals its age). This has changed significantly with the GeschGehG on the basis of the 2016 European Directive on the Protection of Trade Secrets: for the purpose of strengthening competition and for European standardisation's sake, "reverse engineering" has been permitted largely in the Directive, provided that the corresponding product was legally acquired (cf. Art. 3 para. 1 (b) of Directive (EU) 2016/943) and no contractual restriction exists (cf. § 3 para. 1 no. 2 GeschGehG). Thus, in many cases, the existence or absence of contractual usage restrictions will determine whether a product may be reverse engineered.

Are cooperations or legal proceedings a problem with regard to trade secrets?

Not necessarily. It is of course true that a secret becomes less secret the more people know it. For trade secret protection, it is therefore necessary to keep the circles that know any given secret as small as possible. Only those who need to know a secret for their work purposes should know it. At the same time, it can be useful to share secret information with partners if this opens up significant business opportunities. However, the partners must be selected with particular care for this purpose and they must be obliged to treat the trade secrets adequately (in particular not to pass them on to third parties and also to use them only for the contractually intended purpose).
Furthermore, the new law set changed provisions for the (necessary) disclosure of trade secrets in court proceedings. Even in (basically public) trials, the law now enables to avoid disclosure of trade secrets, e.g. because court files are blackened, can be heard in non-public proceedings and court decisions are only published to a very limited extent.

What are the implications of using cloud services?

Basically, this does not change any requirements: it doesn't matter where exactly the data is stored or who runs the servers, but how the data is protected. Depending on the setup, the cloud can even offer strong advantages, as the providers usually have significantly better resources in the area of IT security. In addition, a good solution can be to encrypt the data before it is transferred to the cloud and to keep it encrypted throughout the entire processing (as far as the application allows this). In any case, however, it is important to select the providers carefully and to agree suitable contractual arrangements and to avoid unsafe environments, such as storage in IP critical jurisdictions.

Do you have further questions?

Please feel free to contact us. We plan to expand this document as required.

Back to the blog post...


Disclaimer: This text presents a simplified overview of the topic. It neither constitutes legal advice nor does it replace such advice.