Tech companies thrive on innovation and rely on keeping their secrets safe. But in Europe the law has done little to create a sustainable environment for them. The landscape is set to change with a new European Directive on trade secrets but employers should be wary of complacency.
"Coca-Cola", "espionage", "Google algorithm", "theft", "black box trading", "innovation", "paranoia", "Willy Wonka"… A recent survey asking participants to name something they associate with the term "trade secret" proved both entertaining and revealing. The results suggest a topic which divides opinion but perhaps unexpectedly unites in the strength of emotion and imagery it provokes.
The idea of a trade secret somehow strikes deep into our sub-conscious; possibly influenced by tales of yore concerning confectionary, fizzy drinks and secret recipes (or the creative mind of Roald Dahl!). Almost unwittingly we recognise a trade secret as being something of value yet we may struggle to articulate or define that thing with any precision. For the consumer, this dilemma matters little. For industry, it is business critical and the stakes are high.
Intangible assets now account for more than 80 per cent of the market value of publically traded companies and businesses of all sizes depend on them for competitive advantage. It is therefore vital they are capable of consistent protection against unauthorised acquisition and use.
The US recognised and responded to this need by introducing specific trade secret protection legislation years ago, creating an environment where knowledge sharing can be embraced and innovation thrives. The position is rather different in Europe; and it has been causing palpitations in some quarters, not least in the technology sector, the vanguard of novel ideas. the protection is simply not adequate, due to the great diversity of systems and definitions and an inconsistent approach to enforcement across the EU member states (one third of the states have no specific laws at all). This renders businesses vulnerable and places the European market at a huge competitive disadvantage – a fact magnified by the increasing level of technology theft occurring in Europe.
Some readers may, with perfectly good cause, wonder what all the fuss is about, pointing to patents as a familiar safeguard for intellectual property rights (IPR). But for a variety of reasons patents often are not the answer for protecting confidential and commercially sensitive information, not least because of the time limitation which is placed on them. Coca-Cola, for example, has no patent on its recipe and that subject of intrigue has certainly stood the test of time.
Europe's powers have finally, belatedly, taken steps to address the market mismatch. At the very end of 2015, whilst most of us were busy enjoying our own family's secret recipe - Grandma's Christmas pudding - the European Commission published the agreed provisional text for a new Trade Secrets Directive.
The purpose of the Directive, which is expected to be enacted in March 2016 and implemented across the EU over the next two years, is to provide a level playing field for companies doing business in Europe by laying down common measures against the unlawful acquisition, use and disclosure of trade secrets. For the purposes of the Directive, a "trade secret" will be information that:
- Is secret, in the sense that it is not generally known to people within the circles that normally deal with the kind of information in question;
- Has commercial value because it is secret;
- Has been subject to reasonable steps (by the person in lawful control of the information) to keep it secret.
The Directive does not create a new intellectual property right (trade secrets remain a sub-class) but this is undoubtedly a positive development. It should put an end to the fragmented patchwork of specific national laws which has been impairing cross-border R&D in Europe. It creates new protections for innovative companies which will surely stimulate opportunities by deterring some of the malevolent industrial espionage and related cyber-attacks in play - and thereby reducing levels of industry paranoia.
However, despite the feel good factor, companies should not rest on their laurels. The biggest threat to corporate trade secrets is, has always been, and will continue to be, the operator between chair and keyboard.
The 'insider threat' presented by employees remains at large; the Directive does little to change this. Indeed the European Parliament has rather kowtowed to local employment laws by including language that expressly endorses employee mobility rights. It specifically excludes any interpretation of the Directive which might be seen to limit "employees' use of information not constituting a trade secret… or the experience and skills honestly acquired in the normal course of their employment" or to impose "additional restrictions on employees in their employment contracts…" The text also hints at Member States taking a less draconian approach to damages unless an employer can prove that an employee intentionally acquired, disclosed or used a trade secret without authorisation. This approach to the treatment of employees leaves a deliberate but conspicuous gap in the legislation.
However, for the cynical and sceptical employer, all is not lost. The Directive broadly mirrors the current position under English law where employees' [mis]use of confidential information is concerned. In reality little is likely to change for UK employers but compared to many EU member states, [our] trade secrets enjoy a reasonably high degree of protection; a harmonised approach should therefore be welcomed by organisations with employees operating collaboratively in Europe. The preamble of the Directive is also clear that it should not be seen to "affect the possibility of concluding non-competition agreements between employers and employees". This immediately introduces the possibility that, provided they have taken appropriate steps, employers may soon enjoy two-layers of trade secrets protection, under their own contractual arrangements and the Directive itself.
And yet here is the rub. If employers have not tended diligently to their own internal affairs (i.e. ensured that contracts, policies and procedures are appropriately implemented) there is a reasonably high chance they will have no protection under the Directive, let alone their own private arrangements. Remember: under the Directive only information which an employer has taken steps to keep secret will qualify as a trade secret. This is critical. It is sort of 'double or quits'.
All of these factors mean there is now an even greater imperative than ever before for international tech companies operating in Europe to take a harmonised and coordinated approach to employment contracts, policies and procedures to protect their trade secrets. Employers need to 'mind the [legislative] gap'; taking effective proactive steps to audit their trade secrets and manage the environment in which they exist will ensure the Directive is a force for good.
James Froud is a Partner specialising in employment law issues for technology companies at international law firm Bird & Bird
Image Credit: Ignatov/Shutterstock