The core of franchising as a commercial strategy is its use of a business format – a format that is usually a matrix of commercial know-how, which although perhaps not entirely novel in its individual elements, is commercially distinctive and valuable as a composite. This know-how is generally kept confidential and is what distinguishes the franchise format from its competitors.

As this know-how is not patentable, it can only be protected by way of contract and trying to ensure that it is shared only on a need-to-know basis. The problem with this, however, is that once this confidential know-how is shared with a franchisee or its employees, it is impossible to take it back again.

Each jurisdiction has a different way of dealing with the protection of this valuable secret know-how, which makes adapting a homogenised approach to their protection by franchisors something of a challenge. It is therefore to be welcomed by franchisors that trade secret reform is currently high on the agenda of all the major economic regions.

In the EU, a draft Directive to harmonise and upgrade European laws is currently pending before the European Parliament. France has even gone as far as to introduce new trade secrets laws in advance of the EU Directive being passed. In the United States, draft bills introducing federal-level trade secret protection are pending in Congress, and in China a draft revision to its trade secrets laws has recently been submitted to the state administration. In addition to this, there are ongoing discussions among the ASEAN Free Trade Area nations regarding the establishment of harmonised trade secrets laws in that region.

The EU Directive is expected to be passed during 2015, when the EU Parliament will consider the original wording proposed by the EU Commission together with the latest iteration of a ‘compromise draft’ that was published on 26 May 20142 following consultation and comment by interested parties. After the adoption of the Directive by the EU Parliament, the EU Member States will have two years to implement local laws giving effect to it. Franchisors therefore need to prepare themselves so that they can take best advantage of this new regime.

I THE NEED FOR A TRADE SECRETS DIRECTIVE

The primary driver for an EU Directive is an economic one. As part of the ‘EU 2020 Strategy’ the European Commission is obligated to create an innovation-friendly environment for business as part of its commitment to ensuring the smooth functioning of a single European market.3

As intangible assets such as trade secrets and confidential information have grown to account for approximately 80 per cent of the market value of publicly traded companies, Europe has increasingly been at risk of becoming an unattractive environment for innovative businesses to locate themselves. Extensive fact-finding work by the Commission revealed that companies of all sizes, in all most every sector of the economy, reported that trade secrets are very important to them. Alongside this, however, it was found that misappropriation of trade secrets is on the rise.

Unfortunately, trade secrets law in the EU is best described as ‘patchwork’, with different approaches and different levels of protection in Member States creating uncertainty among businesses as to the type of information that is protectable as a trade secret and with, at times, inadequate enforcement mechanisms. Only around two-thirds of EU states currently have specific legislation concerning the misappropriation of trade secrets, offering enforcement environments that differ widely.

In part, this inconsistency in trade secrets regulation reflects both the permeation of trade secrets across a wide range of business activities and the fact that different countries have approached the issue from different starting points without any overarching coordination. For example, in France there is currently legislation to protect against misappropriation of trade secrets in the employment relationship – but not in an intellectual property context, which instead relies on principles derived through case law.4 Likewise, in Germany trade secrets are regulated through both competition law and employment law, but enforcement relies on a system that does not provide for mutual disclosure of evidence, which is often critical in such cases. This picture is complicated further by the fact that this ad hoc development of the law has led some countries to have more than one definition of a trade secret, depending on the legal context. In France, the United Kingdom and Germany, for example, the legal definition of a trade secret varies depending on whether the information is disclosed in the context of the employment relationship. This is clearly unhelpful for businesses.

Against this backdrop, the EU Commission concluded that there is an obvious public interest in securing fair competition standards and, at the same time, providing a business environment that encourages and rewards investment in research and innovation.

As matters stand, the Directive will harmonise laws across the EU in three main areas:

  • a the definition of ‘trade secret’, and the means by which holders will be protected throughout Europe;
  • b the remedies available to trade secret holders when they suffer a theft or unauthorised use of their trade secrets; and
  • c the measures the court can use to prevent trade secrets leaking during legal proceedings.

II DEFINING TRADE SECRETS

Regardless of any other changes to the draft Directive, it is highly unlikely that the definition of a trade secret will undergo any changes. The existing drafts adopt the 1994 WTO TRIPS definition of a trade secret, which is also reflected in the definition adopted by the United States in the Uniform Trade Secrets Act and which will be carried over into any federal law, if enacted.

Article 2 of the draft Directive defines a trade secret as:

[i]nformation which meets all of the following requirements:

a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;

b) has commercial value because it is secret;

c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information to keep it secret.

While this definition corresponds with the existing definitions in Member States such as Denmark, Spain and Italy, it will mark a change in countries such as the United Kingdom, Germany, Poland and Hungary, where the requirement for a trade secret to have commercial value will narrow existing approaches.

At present, the classic definition of confidential information under English law is founded in equity and requires that the information (1) has the necessary quality of confidence and (2) is disclosed in circumstances importing an obligation of confidence. English law does not currently require information to have ‘commercial value because it is secret’ for it to be classed as confidential.

In the context of confidential information in the employment relationship under English common law, a trade secret is information that an employee is obliged to keep confidential, even after the termination of employment and without any post-termination restrictions. In this context, ‘trade secret’ means information of a sufficiently high degree of confidentiality based on all the circumstances. These include its importance to the business and the measures taken to protect it. Typically, examples of this category have included the legendary ‘Coca-Cola formula’ as a pure trade secret that is protected regardless of any contractual agreement. This is distinguishable from ‘valuable business information’, which only remains protected after the end of employment if it is covered by express contractual wording.

Various issues come to light as a result of this.

  • a The requirement that the information be ‘secret in the sense that it is not [. . .] generally known or readily accessible’ applies not only to single pieces of information, but also to collections of information. This will ensure that manuals, processes and recipes can all be protected, as long their precise configuration is not generally known outside the business or its contractual supply chain. It also means that it will become easier to enforce confidentiality over customer service data and software features and functionality across Europe.
  • b The requirement for ‘commercial value’ raises questions, such as ‘does the information have to have value to the original holder or it is sufficient that it would have value in the hands of another?’ For example, confidential information that is damaging to a company might not have ‘commercial value’ to that company; although it is likely they would take steps to keep the information secret, they cannot exploit it for value. In the hands of a competitor, however, or a newspaper, the information may have commercial value as it could improve the relative reputation or activities of the competitor or prompt people to buy newspapers.
  • c The requirement that the information ‘has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information to keep it secret’ means that as long as a businesses’ supply chain, licensees, franchise holders and other business partners are required to observe its security requirements for the information, then it remains ‘secret’ and protectable.
  • d In an employment law context, the definition of ‘trade secret’ under the Directive is broader than the existing English law common law rules. This indicates greater rights for employers in restricting the use of information by their former employees following termination of employment, although this was not the Commission’s intention, as discussed below.
  • e The issue above highlights an important question for Member States: whether implementation of the Directive should come in addition to – or instead of – their national legislation and common law rules.
  • f The similarities between the proposed European definition and that of the US Uniform Trade Secrets Act should help promote the confidence of international businesses to expand their operations in Europe. The US approach is that a ‘trade secret’ is one that:

• derives independent actual or potential economic value from not being generally known to, or readily ascertainable by, other persons who can obtain economic value from its disclosure or use; and

• is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

III NEW HEADS OF LIABILITY AND REMEDIES

i Unlawful use of trade secrets

Article 3 of the draft Directive sets out the types of liability for infringement of rights in qualifying trade secrets. These relate to the acquisition, use and disclosure of trade secrets and infringing goods. Infringing goods will be those that significantly benefit from trade secrets that have been unlawfully acquired, used or disclosed.

This means that the use or disclosure of a trade secret will be unlawful (1) where the user knows (or should know) that it was obtained unlawfully or (2) where the infringing activity is carried out intentionally or with gross negligence by a person who obtained the information unlawfully or in breach of some other duty of confidence. Where a trade secret is obtained from a third party, its use or disclosure may still be unlawful if the user knew or should have known that the person from whom it was obtained was using or disclosing the trade secret unlawfully.

At the time of writing there are two separate proposals. The original proposal is:

Article 3(1): ‘The acquisition of a trade secret [. . .] shall be considered unlawful whenever carried out intentionally or with gross negligence by:

a) unauthorised access to or copying of any documents, objects, materials, substances or electronic files, lawfully under the control of the trade secret holder, contained the trade secret or from which the trade secret can be deduced;

b) theft;

c) bribery;

d) deception;

e) breach or inducement to breach a confidentiality agreement or any other duty to maintain secrecy;

f) any other conduct which, under the circumstances, is considered contrary to honest commercial practices.’

The latest ‘compromise draft’ of 26 May 2014 proposes the deletion of ‘theft’, ‘bribery’, ‘deception’ and ‘breach or inducement to breach a confidentiality agreement or any other duty to maintain secrecy’.

The issue that has drawn most attention, however, is the proposal to create liability for conduct that is considered contrary to ‘honest commercial practices’. While some conduct will clearly contravene this standard, the potential for differing and inconsistent interpretations across Member States will be high until such time as the Court of Justice of the EU decides a case in which it can give guidance on interpretation.5

The Directive will also make it unlawful to produce infringing goods or place them on the market. In effect, this will be a strict-liability offence, as no particular state of mind is required and liability will follow even if the manufacturer did not know that the goods were infringing.

One aspect of liability that the EU will not insist on, however, is the criminalisation of trade secret misuse. Although some states, such as Germany, France and Finland, already have varying degrees of criminal sanctions in this area, the EU will not compel or encourage Member States to follow suit.6

Reverse engineering is another area where there are no planned remedies. This is a concern in some industries, as highlighted by the Max Planck Institute:

the use without restrictions of trade secrets obtained through reverse engineering appears problematic, in particular in sectors where [. . .] considerable investments are made in the development of new products. Notable examples include the cosmetic industry, which regularly invests quite heavily in the development of perfumes, but where the know-how generated thereby can be decoded with relative ease through reverse engineering. The unrestricted use of such know-how raises concerns that it could pose a substantial threat to the companies concerned, eventually leading to market failure whereby such goods would no longer be produced.7

ii Limitation periods

Businesses are likely to have up to a maximum of six years to take action for damages, although it remains possible that the European Parliament will opt for a shorter maximum limitation period. The original proposal was for a limitation period of two years and this proposal still forms part of one of the two drafts that will be considered by the European Parliament.

iii Remedies

If a trade secret is used, copied or disclosed in breach of the Article 3 standards (including breaches of contractual restrictions in licences, franchise agreements, or non-disclosure agreements (NDAs), for example), the remedies will include:8

  • a injunctions to prevent further use or disclosure of the information;
  • b court orders prohibiting infringing goods from being produced, marketed, sold, stored, imported or exported;
  • c seizure or delivery up of infringing goods (including imported goods) to stop them being circulated in the market;
  • d delivery up of electronic information, even where it is part of a larger file or materials;
  • e court orders compelling product recalls;
  • f orders requiring alteration to the products, so that infringing characteristics are removed (this includes software and electronic data, such as customer databases);
  • g destruction of infringing goods; and
  • h publication of judgments in appropriate cases.

Use in this context also includes using the information to ‘significantly benefit’ the design, functioning or processes used in other products.

IV HARMONISATION OF COURT MEASURES TO PROTECT TRADE SECRETS DURING LEGAL PROCEEDINGS

Article 8 of the Directive will require Member States to introduce measures to preserve the confidentiality of trade secrets during legal proceedings. This includes, at least, the option to restrict parties’ access to hearings and order them to be carried out solely in the presence of legal representatives and authorised experts.

This requirement has the potential to cause a significant change in the law in some Member States, notably Denmark, Poland, France and Belgium. In particular, the potential for hearings to be held in the absence of the parties to the action is unfamiliar to many legal systems and could foreseeably be challenged on human rights grounds.

The introduction of ‘confidentiality clubs’ to control the dissemination of confidential evidence in trade secrets disputes will also be a novel development in many countries. A confidentiality club is an agreement made by parties in litigation that limits access to confidential documents, so that they are only available to specified people. The upheaval to court procedure in countries such as Germany is likely to be dramatic.

V PRACTICAL ISSUES

i Insider threat

Franchisees and their employees and contractors, as well as the franchisor’s own employees and contractors, can be a particular threat to trade secret security, even if they are not malicious. According to the FBI, just under a quarter of insider incidents each year are due to employee mistakes.9

Staff are also often more vulnerable to malicious attacks than they realise. In a 2007 study, Sophos found that phishing attacks from online social networks had a 72 per cent success rate, as opposed to other methods, which only had an average success rate of 15 per cent.10

The threat is even greater from staff with malicious intent, with some estimates placing 85 per cent of data losses at the door of employees. These activities are generally achieved with normal levels of access to company data and systems:

You’re dealing with authorized users doing authorized things for malicious purposes. In fact, going over 20 years of espionage cases, none of those involve people having to do something like run hacking tools or escalate their privileges for purposes of espionage.11

The corresponding amendment to Article 13(1) gives Member States the option of effectively forcing employers to prove intent in employee cases to recover damages. If that is adopted, it will reduce the effectiveness of the Directive to properly compensate businesses in cases of employee trade secret theft. This will compel employers to rely more on the employee contract to ensure they are properly protected.

The requirement to take ‘reasonable steps’ to protect trade secrets will introduce a greater legal impetus for businesses to take more interest in, and place better controls on, the security around their commercially valuable information throughout their supply chains. It will focus similar attention on licensees, franchise holders and other business partners, who will also need to be required to observe mandated security arrangements for the information. This is not always taken seriously by international businesses, however, as confirmed by PwC in its report ‘Key Findings from the 2013 US State of Cybercrime Survey’ (June 2013):

Previous PwC surveys support the view that the supply chain is a potential weak link in cybersecurity – both in the United States and globally [. . .] Companies often struggle to get their suppliers to comply with privacy policies – a baseline indicator of data protection capabilities.

The Directive also abstains from limiting works council representatives in their use of confidential information, leaving that to local laws, the rules of the specific works council and the employers’ contractual rules with the staff representatives.

ii Supply chain problems

As it is often practically necessary for franchisors to share some of their trade secrets with third parties to enable them to operate an effective international supply chain to their franchisees, it is critical to ensure those arrangements adequately protect trade secrets.

The obvious starting point is through the use of suitable confidentiality or NDAs, but it is clear that a one-size-fits-all approach will not be a safe solution. Practical steps to take in preparing appropriate documents include:

  • a properly investigating the requirements of the arrangement – ascertaining with precision what trade secrets will need to be disclosed, and to whom; and
  • b carrying out due diligence on the proposed third party:

• to determine whether it is an established or well-respected business with a track record of previous similar relationships known to have been successful; and

• to determine its corporate status: whether additional NDAs with individual subcontractors, partners or other third parties are required.

It will also be important to monitor the way in which the relationship with any third party develops or changes while it is in possession of trade secrets. Arrangements may need to be refreshed and reinforced, particularly as its personnel changes. Once a third-party arrangement concludes, it will be vitally important to ensure that the post-termination obligations are actually complied with – especially those governing the return of confidential documents and data.

VI IMPLICATIONS FOR FRANCHISING

The advent of this new approach to protecting trade secrets is having both a reactive and proactive impact upon franchising.

On the reactive front, it is essential that franchise agreements are drafted so as to optimise the protection of the franchisor’s trade secrets within the context of the relevant jurisdiction – this is, of course nothing new. The need, however, to ensure that new trade secret laws are central to the way that the franchise agreement deals with the issue is novel. On the proactive front, a result of the new trade secret laws is that the information will likely become commercially exploitable in its own right. For example, some franchises are already exploring new charging structures based on their new ability to classify specific sets of data as ‘trade secrets’. Franchisors and their advisers need to be alive to the opportunities to exploit previously private processes, recipes or datasets in ways that will generate new income streams.

Footnotes

1 Warren Wayne and Mark Abell are partners at Bird & Bird LLP.

2 EC 9870/14.

3 EC 9870/14, Section I, paragraph 2.

4 Article L 621-1 of the Industrial Property Code, which protects ‘manufacturing secrets’ in the context of the employer–employee relationship. The definition included in the draft directive does, however, correspond to that developed by French case law under (1) Article L 621-1 of the Intellectual Property Code and (2) disputes involving contractual matters or unfair competition in which violation of a ‘secret de fabrique’ or trade secret was alleged.

5 Comments of the Max Planck Institute for Innovation and Competition of 3 June 2014 on the Proposal of the European Commission for a Directive on the protection of undisclosed know how and business information (trade secrets) against their unlawful acquisition, use and disclosure of 28 November 2013, COM(2013) 813 final.

6 EC 9870/14, Section II, paragraph 6: ‘Member States agreed that the draft directive should not interfere with their national prerogatives regarding criminal law.’

7 Comments of the Max Planck Institute for Innovation and Competition of 3 June 2014 on the Proposal of the European Commission for a Directive on the protection of undisclosed know how and business information (trade secrets) against their unlawful acquisition, use and disclosure of 28 November 2013, COM(2013) 813 final.

8 EC 9870/14, Articles 11 to 14.

10 See ‘Good Practice Guide: Online Social Networking’, www.cpni.gov.uk/Documents/Publications/2010/2010032-GPG_Online_social_networking.pdf.