Really? Yes, really: The requirements in the law on legal protection of business secrets have changed. Companies must be active in protecting their business secrets, in order also to be able to claim legal protection in the future.

On 26 April 2019, the German Act on the Protection of Business Secrets [Gesetz zum Schutz von Geschäftsgeheimnissen, "GeschGehG"] came into force. It implements an EU directive (2016/943 of 8 June 2016) in German law and sticks closely to the requirement under European law. The EU legislative body saw a need for action above all due to the different standards for protection in the Member States and considers this to be a problem with regard to a functioning internal European market.

The Directive treats "business secrets" in principle the like other intellectual property rights which are protected, for example, by copyright, patents and the law protecting designs, and provides for corresponding remedies in the case of infringement (cease and desist, information, damages, product recall, announcement of judgements, criminal law) without, however, granting a monopoly as is the situation in the mentioned intellectual property rights.

Business secrets have previously not been protected in German law by themselves and instead only against "unfair" use, aside from duties of confidentiality under professional codes. The term "secret" [Geschäftsgeheimniss] was relatively broad. If third parties – employees or competitors – acted "unfairly", it was usually possible to proceed against them, aside from frequent problems with regard to the evidence.

Under the new law, the owner of the business secret – i.e. the party with legal control of the secret in accordance with the law – must first itself take care of protection before requesting protection from the court. In exchange, the owner is provided an expanded range of remedies, and the courts are expressly required to also take into account the need for secrecy in the procedure.

Three topics relevant for the practice are currently the primary subjects of discussion:

• What changes with regard to the practice in works council co- determination?
• What do the exceptions to protection of secrets mean for so-called "whistleblowing?"
• What must companies do, in order to make sure that their business secrets are also legally protected?

The two last points will now be briefly discussed here.

What must companies do to protect their business secrets? The abstract answer is not easy, but the question is not at all difficult to answer in the specific case. It is necessary to keep in mind what the protection is supposed to be directed against. The law defines as a business secret,

"information

• which either in total or in the exact classification and composition of its components is generally known to the persons in the groups who normally handle this type of information or is easily accessible to them and is accordingly of economic value,
• which is the subject of reasonable measures in the circumstances, taken by the legal owner of the information to keep it secret, and
• for which there is a legitimate interest in maintaining secrecy. “

The statute prohibits the unauthorized obtaining, use and disclosure of such information. An exception provides that information is not obtained "without authorization" if that information is acquired with regard to a product or item which embodies the secret and which is legally held in possession. Reengineering is accordingly permissible, independent of the expense, if it is not prohibited by a contract.

If there are "no measures to maintain secrecy", there is no protection from the very start. The measures must be "reasonable in the circumstances". What is to do here is based on the value of the business secret and the requirements for proper business organization. The management of the business is finally responsible for this. This involves above all the marking and the technical protection of access to information ("confidential" "password:_________"), personal access restrictions, agreements with persons who have permitted access and actual monitoring of effectiveness and compliance. The reasons for this are not simply because know-how that becomes known in the market is no longer secret, but instead also because there is not even any protection from the very start, not even against actions which were previously considered to be "unfair" if the beneficiary did not take any appropriate protective measures.

As a result of the fact that reengineering is generally permissible in the future if there is no contractual obligation to the contrary, it will be necessary to prohibit this in agreements with employees and other business partners where necessary.

It is not possible to generally state in a few words what is required in detail. However, if the above-mentioned criteria of value, need for protection, effectiveness, practicality are used as orientation, it should not be very difficult in the specific situation to identify what is needed, it must then just be done.

The whistleblower is finally someone under the law who obtains, uses or discloses a business secret, but acts "to uncover an illegal act or professional or other misconduct", whereby an act must have the capacity of "protecting the general public interest." The Directive does not just want to encourage whistleblowing by providing legal certainty in the area of protection of secrets; there are other provisions, e.g. for whistleblowers in the financial market. This is occurring only to a limited degree. It is not clear what happens with the whistleblower if the what the whistleblower considers to be illegal or otherwise constitute misconduct is legal or in order. However, the Directive wants to exclude the good faith whistleblower from the legal sanctions, but does not clearly state how to differentiate between good faith and bad faith. However, it should be clear that e.g. a violation of the law, about which only a few people have knowledge, is normally not a business secret. The law only protects information with regard to which there is "a legitimateinterest in maintaining secrecy". This situation will be the exception.

Dr Kristofer Bott, attorney, specialist for intellectual property rights
Frankfurt am Main