Practical take-aways for trade secret protection

Beitrag als PDF (Download)

It has been two and a half years since the Trade Secret Act (Geschäftsgeheimnisgesetz) came into force in April of 2019. A short time, in legal terms. And yet, not only have plenty of articles been published and is the number of commentaries increasing, but there has also been a pleasantly surprising number of court rulings on this subject.
Not all questions have been answered yet, of course. But a look at the various court rulings provides interesting insight:

What is a trade secret?

Having a legal definition for the term trade secret (sec. 2 (1) Trade Secret Act) was purported to be one of the main legal benefits of the Trade Secret Act compared to the previous regulations under the Code Against Unfair Competition (UWG), and case law already provides for some examples of how the new definition is applied.

The Federal Administrative Court confirmed that also the names of data files, their size and potentially other metadata can qualify as trade secrets if relevant information can be derived from these (BVerwG, order of 5 March 2020 – 20 F 3.19). The Regional Labour Court Dusseldorf found private notes of an employee to be trade secrets of the employer (LAG Düsseldorf, judgement of 3 June 2020 – 12 SaGa 4/20).

The Higher Regional Court Dusseldorf moreover found that also such documents can be trade secrets where not all the information contained is confidential (OLG Düsseldorf, judgment of 11 March 2021 – 15 U 6/20). Specifically, it qualified a CAD file to be protectable where only some information was secret while other information contained therein was state-of-the-art and generally known. Overall, the ruling provides for a good blueprint of how to argue such “mixed” documents in court proceedings and how far protection stretches.

Yet, courts also found that this legal definition of trade secrets does not always apply. Where information claims are based on public law regulations – e.g. claims of the press – (administrative) courts found that the “old” definition of the trade secrets still applies (e.g. VG Berlin, order of 23 September 2019 – VG 27 L 98.19). Otherwise, private parties could circumvent public law information claims by applying adequate protection measures. This should be kept in mind when answering to information requests that are (potentially) based on claims outside of the Trade Secret Act.

How to define your trade secrets

So how should you define the scope of trade secrets in your NDA or employment agreement? Is it best to just repeat the legal definition from sec. 2 (1) Trade Secret Act, or can you go beyond that and use a “catch-all” clause to also include information that was not subject to “adequate protection measures” or a “legitimate confidentiality interest” as required under sec. 2 (1) (b) and (c) Trade Secret Act?

Case law tells us that – this depends. It should be differentiated between NDAs with business partners or other B2B situations on the one side, and confidentiality provisions with employees on the other side. The Regional Labour Court Cologne found that “catch all” clauses were invalid in employment agreements (LAG Köln, judgement of 2 December 2019 – 2 SaGa 20/19). Although this judgement received much attention, this was not much of a surprise. Catch-all clauses had been regarded as (at least borderline) invalid all along, and should not be used.
For B2B situations, no such explicit decision (yet) exists. The analysis of different judgements does not indicate, however, that catch-all clauses might per se be invalid. Also, no court seems (yet) to have taken on the opinion voiced by some scholars that going beyond the legal Trade Secret definition would constitute an “unreasonable disadvantage” of the partner and thus be invalid in general terms & conditions (AGB), which many standard NDAs will likely be.

The lawyer’s recipe is a multi-level approach: Start with the legal definition to have a “baseline” protection. Expand this by including specific important information. Add (where possible) the type of confidential information you expect to be relevant. And last – but highly important – state for which project or within which relationship the information shall be used.
No confidentiality marking, no trade secret?

The question of whether information that is not marked as “confidential” (or similar) can be a trade secret at all lies at the junction of trade secret definition and “adequate protection measures” (to which we finally come in a moment). Especially in multi-party agreements such as publicly funded research consortium agreements, the question of whether only information marked as confidential shall be protected regularly sparks lengthy discussions.

Case law does not (yet) provide for an argument that would tilt the discussion clearly. But it seems clear that marking documents as confidential can be help protection, but is not necessary for it. Trade secrets will not per se lose their protection if they do not have such a marking. Just the same, marking a document as “confidential” will not automatically make it a trade secret (VG Schleswig, judgment of 25 April 2019 – 6 A 222/16).

The discussions are therefore not yet obsolete and should in the end be decided based on which is the higher risk: That of inadvertently giving away your own confidential information, or that of using information received from the other side beyond the allowed scope?

What are “adequate protection measures”?

No other requirements under the Trade Secret Act has spawn more discussion than the “adequate protection measures”. And likely no other has such severe consequence: Without such measures, no protection at all is granted. Companies thus must carefully think about how to establish, implement and adjust their protection scheme. The Trade Secret Act is non-forgiving in this respect.

Especially the already mentioned judgement of the Higher Regional Court Dusseldorf (judgment of 11 March 2021 – 15 U 6/20) and a ruling of the Higher Regional Court Hamm (judgement of 15 September 2020 – 4 U 177/19) are instructive for determining factors for “adequate protection measures”. The most important lessons are as follows:

The measures do not have to be perfect. But they need to be sensible and reasonable considering the size of the company that is claiming protection, and the value attributed to the information in question. The costs and benefits may be weighed against each other. The overall system is more important than individual measures. In the end, the system must pass a “peer comparison test” against the measures taken by comparable companies and competitors (or at least what is known or suspected about their measures).

The measures need to be an evolving system. Once information is obtained about potential weaknesses in the system, or especially if breaches occurred in the past, steps to rectify these loopholes must be taken. Not reacting to known weak spots will put the entire protection system at risk of not being considered adequate. Adequacy is therefore a dynamic threshold.
According to the Higher Regional Court Dusseldorf, the measures need to have been implemented continuously at all times. However, this seems to be overstretching the legal requirements. Especially considering the objective to strengthen trade secret protection, it should be sufficient that protection measures were implemented at the relevant time a breach happened. It should be closely followed how other courts position themselves in this regard and whether this requirement will be upheld.

Imagining how one would “defend” his or her own protection scheme before a (critical) judge should be a good litmus test, and the cited judgements provide for a good testing ground. As often, a common-sense-approach considering what information really requires protection and how it might most likely be misappropriated should provide a good feeling for which measures are “adequate”.

What else?

Other noteworthy decisions include the following:

The “sale” of software rights also includes an implicit confidentiality obligation regarding the source code (OGH Wien, order of 10 December 2020 – 4 Ob 182/20y). This might be a life-safer where trade secrets were not specifically considered in an acquisition agreement.

For reverse engineering, the burden of proof lies with the reverse engineer. He must show that (and how) he obtained all relevant information from the reverse-engineerable products (OLG Düsseldorf, judgment of 11 March 2021 – 15 U 6/20).

The assumption of urgency (Dringlichkeitsvermutung) of sec. 12 (2) Unfair Competition Act (UWG) does not apply to the Trade Secret Act (OLG München, order of 8 August 2019 – 29 W 940/19). This is still in dispute, though.

The Trade Secret Act takes precedence over other claims such as tort claims (e.g. sec. 823 BGB) (LAG Köln, judgement of 2 December 2019 – 2 SaGa 20/19).

The objective of the Trade Secret Act (and the underlying Know-how Directive) was to strengthen trade secret protection. Two and a half years into the new act, it appears that courts are mostly applying the Trade Secret Act in a sensible way. Employment courts and administrative courts seem to tend towards more restrictive decisions, while civil courts generally seem to be friendlier toward the trade secret owner.
Legal certainty in the field of trade secret protection is therefore slowly evolving, but some more growing pains are to be expected. Continuing to review the available judgements might be the best way to ensure that these pains are not felt by yourself.

Aktuelle Beiträge