Search
Contact
29.10.2019 | KPMG Law Insights

The new Trade Secrets Act

The new Trade Secrets Act –
Need for action by research institutions and universities

The protection of entrepreneurial know-how has always been a high priority. Securing it has considerable economic significance and can bring a real competitive advantage. The new Trade Secrets Act (GeschGehG), which came into force on April 26 of this year, is intended to provide better protection for entrepreneurs against the unlawful acquisition of trade secrets and their unlawful use and disclosure. Under the premise: Only those who take appropriate protective measures themselves will benefit from the new legislation. There is a need for action in this matter not only among companies, but especially among research institutions and universities.

The Act was enacted in implementation of the requirements of Directive (EU) 2016/943 on the protection of confidential know-how and confidential business information (trade secrets) against unlawful acquisition and unlawful use and disclosure. Until now, the protection of trade and business secrets was scattered across various areas of law, and there was a lack of uniform legal definitions and defined rights for the owners of secrets in the event of infringement by third parties. In particular, trade secrets have so far been protected by the criminal provisions of Sections 17 and 18 of the German Unfair Competition Act (UWG). However, these presupposed a subjective interest in the betrayal of secrets, so that legal enforcement was often only possible with great forensic effort.

The new regulations
First of all, the GeschGehG contains pursuant to § 2 No. 1 a definition of the term “trade secret”. Accordingly, the term includes information that has a commercial value due to its unfamiliarity or inaccessibility to the general public, is the subject of appropriate secrecy measures and there is a legitimate interest in keeping it secret. For the existence of a trade secret, it is therefore no longer sufficient to have a sufficient subjective intention to maintain secrecy; instead, it must be possible to demonstrate that the know-how was (objectively) protected by appropriate secrecy measures. Which measures are to be considered “appropriate” will have to be judged with regard to the individual case. A significant change is that in the future the burden of proof will be shifted, i.e. the infringed party must be able to prove in the event of a legal dispute that the measures it took to protect its trade secrets were sufficient.
A special feature of the new Business Secrets Act is that § 3 GeschGehG specifies actions by which a business secret can be lawfully obtained. In particular, this includes: the independent discovery or creation and an observation, investigation, deconstruction or testing of a product or object that has been made publicly available or is in the lawful possession of the observer, investigator, deconstructor or tester and the latter is not subject to any obligation to restrict the acquisition of the trade secret. In other words, the mere lawful possession of an object (the ownership of which remains disregarded) allows the lawful acquisition of a trade secret, e.g. by reverse engineering, if there are no (contractual or legal) restrictions on the owner. In this respect, owners of secrets are now de facto forced to secure their trade secrets by means of appropriate protective measures.

Approaches for appropriate protective measures
The applicable standards are still unclear due to the broad wording and the lack of case law to date. It is therefore particularly important for universities and research institutions to analyze their organizational structure, determine their individual protection needs, and take appropriate measures in a timely manner commensurate with the value of the secrets.
There are no blanket solutions for choosing suitable and appropriate protective measures. Universities and research institutions must create these individually for their organizational structures, review them regularly and adapt them if necessary. Technical, organizational and legal measures must be interlinked. First, a risk assessment should identify and evaluate the information that needs to be kept confidential and the size- and industry-specific risks, and identify internal and external measures to mitigate the risks.
It will not be necessary to take equally strict secrecy measures for all information, but standards that are set too low will have far-reaching consequences: The information will then not be classified as a trade secret, so that the information owner would lose his ownership of the information and thus its economic value. In view of the lack of case law on the concept of reasonableness, particularly strict standards should therefore be applied initially.
Legal consequences in case of violation
Only if the owner of the secret has adequately protected its trade secrets is it entitled to far-reaching claims in the event of an infringement of rights by a third party pursuant to Sections 6 ff. GeschGehG: First, he can demand that the infringement cease and that the relevant documents be handed over or destroyed. Furthermore, he may take action against the distribution of infringing products (recall, cessation of supply, destruction) and he is entitled to information and damages. He may also request the publication of the judgment on the infringement at the expense of the infringer. If the action has been dismissed, however, this can also be demanded the other way around from the alleged infringer at the expense of the owner of the secret.
Violation of the law may result in criminal penalties: these may include imprisonment of up to five years (e.g. in the case of commercial activities). Against the background of the planned corporate criminal law (Association Sanctions Act), it should be noted above all that infringers can also be legal entities, including in particular universities, if they are not engaged in sovereign activities, e.g. in economic activities such as contract research.
Conversely, the company owner is also liable if the infringer is an employee or agent of his company. In addition to protecting his own trade secrets, the company owner must therefore ensure that no third-party trade secrets are infringed from within his company. It is precisely this obligation that now also applies to universities and publicly funded research institutions that frequently come into contact with other people’s secrets, for example in collaborations and joint research projects.
However, the new Trade Secrets Act provides for a statutory exception: Disclosure of trade secrets by whistleblowers is lawful if it leads to the disclosure of unlawful acts, professional or other misconduct and is suitable for protecting public interests (Section 5 No. 2 GeschGehG). With this far-reaching and contourless regulation, it remains to be seen how it will be interpreted and applied by the courts in the future.

Need for action at universities and research institutions
It is not only companies that need to take action as a result of the new legal regulations. Research institutions and universities are also required by the GeschGehG to take measures to protect trade secrets. This obligation applies to both the university’s own business secrets and those of third parties, knowledge of which may come to the university’s employees through cooperation with third parties. The protection of know-how is of great importance to universities and the companies that work with them. Acquired knowledge and research results cannot always be protected by other property rights (e.g. patents), but still require secrecy in order to maintain the competitive advantage and thus the economic value. The protection of this information is therefore imperative.
Possible measures can include access controls and technical protection measures, logging of calls, and contractual safeguards. In case of doubt, the owner of the secret must be able to prove that protective measures have been taken and that they are appropriate. This will only be possible on a regular basis if a functioning compliance system is implemented. The compliance system should be designed in such a way that it is also ensured that no third-party trade secrets are used unlawfully from within the university or research institution itself, so as not to run the risk of being held liable.

Consequences of non-compliance
Those who do not fully implement the new legal requirements of the Secrets Protection Act run the risk that their secrets are not effectively protected and are legally subject to free use and exploitation by others. However, this may not remain the only negative consequence – universities and research institutions that fail to act run the risk of becoming the addressees of claims by any competitors or future corporate penalties. The consequence can be considerable claims for damages against universities and research institutions, which should definitely be avoided by acting in time regarding the new legal regulations.

Explore #more

11.10.2024 | In the media

Guest article in the Asset Management Guide 2024: The Fund Market Strengthening Act – Flexibilization and Debt Fund reloaded

On August 5, 2024, the Federal Ministry of Finance published the draft bill for the Act to Strengthen the German Fund Market and Implement Directive…

04.10.2024 | In the media

Guest article in Bauunternehmer on the topic: “Competition is better for climate protection than rigid requirements”

Regulation is one of the main cost drivers in construction.
However, instead of rigid specifications, sustainability targets and climate protection can be better achieved through…

04.10.2024 | Deal Notifications

KPMG Law advises the HWP Handwerkspartner Group on the acquisition of Manfred Teckenburg Elektroanlagen

KPMG Law carried out a comprehensive legal due diligence for the HWP Handwerkspartner Group on the acquisition of Teckenburg Elektroanlagen and supported the purchase agreement…

04.10.2024 | Deal Notifications

KPMG Law and KPMG advise the Forterro Group on the acquisition of alltrotec

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised the Forterro Group on the due diligence, structuring and implementation of the acquisition…

04.10.2024 | Deal Notifications

KPMG Law and KPMG advise HWP Handwerkspartner Group on the acquisition of Elektro Fastabend Group

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) have jointly advised the HWP Handwerkspartner Group (HWP) on the acquisition of Fastabend Elektro-Gebäudetechnik…

02.10.2024 | Deal Notifications

KPMG Law advises the GOLDBECK Group on the acquisition of a majority stake in the Schalm Group

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised the HWP Handwerkspartner Group on the acquisition of the Schalm Group.
KPMG Law conducted a comprehensive legal due…

27.09.2024 | Deal Notifications

KPMG Law advises Munich Airport on the sale of a majority stake in Cargogate Munich Airport GmbH and the creation of a new cargo joint venture.

KPMG Law advised Flughafen München GmbH (FMG) on the sale of 74.9 percent of the shares in its subsidiary Cargogate Munich Airport GmbH (Cargogate) to…

27.09.2024 | Deal Notifications

KPMG Law and KPMG advise the GOLDBECK Group on the acquisition of Weiser GmbH Brandschutz & Technik

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) jointly advised the GOLDBECK Group on the acquisition of Weiser GmbH Brandschutz & Technik.…

25.09.2024 | In the media

Guest article in Wirtschafts Woche on the topic of data protection: Employers are liable for their works councils

Companies collect and store personal and sometimes sensitive employee data: age, length of service, salary, sick days and much more.
According to European and German…

22.09.2024 | In the media

PMN Awards 2024 – Konstantin von Busekist honored as Managing Partner of the Year

For the 16th time, the PMN Awards shine a spotlight on outstanding law firm innovations and management achievements.
On September 18, the Professional Management Network,…

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll