< Back

Share |

Trade secrets and FinTech

The Trade Secrets Directive (TSD) was adopted by the European Union earlier in 2016. Member States must implement the TSD into their national laws by 9 June 2018.

September 2016

At heart, the TSD is a positive tool for the FinTech industry. Unique knowledge, processes, inventiveness and creativity are FinTech's raw materials. From new processes to big data analytics, trade secrets can be strategic for decades. Any business, any size can benefit. Painstaking, costly research and creative sparks can result in developments that enable businesses to perform differently, better, or with lower costs. Trade secrets, whether fleeting or enduring, are vital to competitive advantage.

Larger companies are likely to have resources to facilitate management of a portfolio of intellectual property rights, whereas smaller businesses tend to rely more heavily on trade secrets protections, particularly in science and commerce.

The harmonisation of trade secrets law in the European Union is welcome and will confer benefits on businesses in a variety of ways, not least greater certainty of protection. Businesses can have more certainty when sharing information under terms of confidence and use the TSD to deter others from misusing trade secrets and confidential information.

Harmonisation may also help alleviate information leaks and the resulting disputes, for example, where developers and employees misuse information they have picked up on other projects. Cyber crime, theft, business espionage or other misappropriation techniques are on the increase. Tighter and harmonised laws across a large trading union like the EU will allow businesses to maximise a potential competitive advantage and protect consumers as well.

The European Commission’s Europe 2020 strategy seeks to build an “Innovation Union” to “[e]ncourage higher levels of investment in … technological developments … and allowing for improved valuation of intellectual property (IP) such that access to venture capital and financing is enhanced for research-oriented and innovative economic agents.”

The TSD harmonises three key areas:

  • the definition of "trade secrets" and of the circumstances in which the acquisition, use and disclosure of a trade secret is unlawful;
  • processes, protections and remedies in the event of the unlawful acquisition, use or disclosure of a trade secret; and
  • sanctions.

What is a trade secret?

A trade secret is more than "just" confidential information. To be protected, the trade secret should involve information that is "secret", in the sense that it is not generally known among or readily accessible to “persons that normally deal with that kind of information”; have commercial value because of its confidentiality; and reasonable steps should have been made to keep the information secret.

The information needs to be more than trivial so where there is an unlawful use it is likely to harm the interests of the person lawfully controlling it, undermining that person's scientific and technical potential, business or financial interests, strategic positions or ability to compete. It covers know how, business information and technological information. Disclosure of this information would undermine a FinTech firm's technical potential (such as a unique selling point). A trade secret could potentially be an important piece of code, specific client data, bespoke outcomes of anonymised data analytics, client lists, targets, supplier information, pricing, and business plans.

As an aside, an important definition linked to understanding what is a trade secret, is that of the "trade secret holder". This is the person lawfully in control of a trade secret, a definition intended to include recipients of trade secrets, such as licensees.

How do you protect trade secrets?

There is an emphasis on the trade secret holder taking "reasonable steps" to keep the information secret. What constitutes reasonable steps is not addressed in the TSD. Trade secret holders also have a duty of care to preserve confidentiality and monitor the use of valuable trade secrets.

A sensible starting point is based on the rich vein of common case law the UK is able to draw on in which what is "reasonable" has been discussed. While "reasonable" usually depends on the circumstances, it does not mean taking "all steps" and should not be seen as an unhelpful fetter to discussing funding opportunities or running your business.

You need to exercise a level of business prudence: if your trade secret, whether a set of data, a piece of code or a significant launch date, is one of your 'crown jewels', then you should set up some basic protections against its misuse through cybercrime, malevolent employees, or opportunistic business information thieves.

Trade secrets

This reinforces the need for good information governance throughout the lifecycle of a project including the use of confidentiality agreements from the earliest stage whenever confidential information is or may be shared. Confidentiality or non disclosure agreements are vital tools, whether seeking funding from friends and family, when ramping up with venture funding, during discussions on selling a business, when getting involved with outsourcing arrangements, collaborating, or integrating with other systems and products. See the non-disclosure agreement available from Taylor Wessing

A FinTech firm must help itself as part of the process of endowing its special information with trade secrets super powers. This will help flag that it considers information as a trade secret, distinguishing it from mere confidential information. Careless talk in collaborative workspaces, slack password protections, reading important papers on public transport or in coffee shops and other information security shortfalls should be cut out as a minimum. Identifying other reasonable steps may, for FinTech, mean working through provisions in the Financial Conduct Authority (FCA) Handbook Systems and Controls manual (SYSC) 3.2.6 R or 6.1.1 R and chapter 5 of the FCA's Financial Crime Guide.

Bedding in protections?

To consider how internal processes deal with confidential information and trade secrets, it may be useful to pose a number of questions:

  • Does everyone in the business know what information is a "trade secret" to be treated confidentially? This should be clear, precise and unambiguous.
  • Do you have a cogent strategy for the protection of intellectual property and confidential information?
  • Which areas of the business depend on your trade secrets, specialised knowledge and confidential information?
  • Has the business grown or got new employees? Do staff and stakeholders need training?
  • Should you control access to information through graded access rights, technical protective measures and IT security precautions?
  • Do you have a policy on the classification, documentation and storage of trade secrets? Is this followed in practice?
  • Should you consider non-disclosure clauses in agreements with staff, contractors, customers, suppliers and co-operative partners? Have these been reviewed and updated recently? Do you consider these on an individual basis when staff join, are promoted or leave?

While the TSD is to be implemented by Member States by 9 June 2018, a review now will optimise the strength of the business on seeking funding, for acquisitions and growth generally. Reviewing and implementing change can take time and, ideally, contractual protections should be used as soon as possible.

Misuse?

The unlawful acquisition, use or disclosure of a trade secret by a third party can have devastating effects on the legitimate trade secret holder. Consequently, it is unlawful to acquire, use or disclose a trade secret without the consent of the trade secret holder. For FinTech, this may include unauthorised access to any documents or electronic files that are lawfully under the control of the trade secret holder and containing the trade secret or information from which the trade secret can be deduced or any unlawful activity which influences the design, production or marketing activity for a financial product or service. It also covers other conduct considered contrary to honest commercial practices. A trade secret should not be used or disclosed in breach of a confidentiality clause or agreement or any other duty to maintain secrecy of the trade secret.

What to do if you suspect misuse?

The TSD itself provides for injunctive relief to prevent breach or misuse of trade secrets, as well as the destruction or delivery up of documents in breach (e.g. marketing materials or a website). The application of these measures, as well as the possibility of claiming damages, will be subject to the procedures of the Member States implementing the TSD. Such legal redress is typically thought to be expensive and may involve disproportionate and costly use of funds. In these circumstances, correspondence and negotiation are more likely to be the appropriate response to a suspected breach of trade secrets.

There may also be a role for trade bodies to provide or lobby for a low cost methodology to resolve such disputes. It may be appropriate for the Disputes Resolution: Complaints sourcebook in the FCA Handbook (DISP) to be amended to give the Financial Ombudsman Service jurisdiction in cases where smaller firms allege trade secrets misuse by a larger firm or for the FCA to promote more actively how FinTech firms may raise issues with the FCA where they are being unfairly hampered by alleged misuse. The FCA has a specific mandate to promote healthy competition in the financial services sector, including, for example, acting on specific behaviour of one firm that prevents other firms from accessing consumers or markets. The FCA may then be able to use a wider range of resources and powers than laid out in the TSD.

Particular risk areas: mobility and agility

When collaboration and cooperation is encouraged, buoyant investment in innovative processes, services and products follows. This is important for employment growth and for improving the competitiveness of the economy.

An agile and mobile workforce and crowdsourced development techniques are relatively recent developments, particularly useful for FinTech. It is also important for individuals to have relative freedom to earn a livelihood and advance their own prospects. In keeping with the established UK position, the TSD cannot be used to:

  • limit employees’ use of information not constituting a trade secret;
  • limit employees’ use of the experience and skills they have honestly acquired in the normal course of their employment;
  • impose any additional restrictions on employees in their employment contracts other than in accordance with Union or national law; and
  • prevent whistleblowing.

The UK government wants to make Britain the best place in Europe to innovate and start up a new business and is considering, among other things, whether existing employment provisions could be stifling British entrepreneurship.

Earlier in 2016, the then Department for Business, Innovation and Skills published a Call for Evidence about non-compete clauses and the effect they are having on startups, employers and workers. Although non-compete clauses are commonly used in many countries, the US state of California is a well-known example of a jurisdiction where they are unlawful and US research suggests the limited use and enforcement of such clauses has had a positive impact on breaking down barriers to innovation and stimulating growth in the technology sector. For further information see our article on Do non-compete clauses stifle entrepreneurship and innovation?

It is difficult to predict whether this will come to fruition. Nevertheless, any covenant in an employment or commercial agreement must be carefully positioned to ensure it will be enforceable – because such clauses can be considered to restrain trade and because of the TSD's important protections.

Infringing services and consequences

EU

EU Member States are required to develop the measure, procedures and remedies to provide redress for infringement of trade secrets under the TSD and this is clearly relevant to services as well as goods. But, as mentioned, because of the often prohibitive costs of seeking orders to cease misuse of trade secrets or the real costs of the misuse being the adverse publicity for the trade secret holder or of the misuse, it is most advisable to spend time considering how to take practical security measures to protect your trade secret from misuse in the first place.

As prevention of misuse is ultimately a better protection, we do not explore the additional corrective measures laid out in the Trade Secrets TSD (e.g. dealings in infringing goods) in this summary. There are, however, a range of preliminary, precautionary and final measures that can be pursued (including injunctive relief, financial damages, and the powerful tool of publicity).

Regulated firms must also consider whether misuse of another's trade secrets would be considered as a breach of the Principles of Business (e.g. Principle 1 – conduct business with integrity). Appropriate mitigation steps should be embedded within the recruitment process for posts intended to boost provision of services through technology.

Next steps

The TSD is mercifully short compared with a lot of financial services legislation with which FinTech firms have to grapple. But the drafting is not always clear and how Member States implement the TSD is likely to raise further debate given the relatively loose level of harmonisation provided for.

Implementation of the TSD does not prevent Member States from legislating more far-reaching provisions in the absence of specific provisions of the TSD, and some Member States, such as the UK, will consider that the majority of the provisions of the TSD are already satisfied by existing laws. In the UK, these have been developed, for example, around concepts explored since Faccenda Chicken v. Fowler [1987] Ch 117 and more recently in the Vestergaard series of cases (see [2013] UKSC 31).

Despite these issues, however, the concept of the TSD is welcome. Up-to-date and effective enforcement measures are positive developments and the TSD does not shut down important angles of innovation driven by independent thought, reverse engineering, or journalistic observation. This TSD is about protecting against misuse rather than providing an exclusive right to knowledge and business information.

The international nature of many financial services businesses, particularly those offering technology-based solutions, should benefit from such measures, which boost existing drives to help FinTech businesses prevent others from misusing their trade secrets – where they have also followed a programme of self-help protections. A less fragmented regime should also be more effective against misuse by third country infringers.

A note on Brexit

At the moment, although the UK voted to leave the European Union in the UK's Referendum vote in June 2016, businesses must continue to meet obligations under UK law, including those derived from EU law. The UK and businesses must continue with implementation plans for any legislation that is still to come into effect. As a Directive, Member States, including the UK, need to adopt implementing laws for the TSD and the transposition date 9 June 2018. During the transposition, the UK Department for Business, Energy and Industrial Strategy (BEIS) is likely to assess whether any amendments will be required to the UK legal and regulatory framework, including as a result of any negotiations following the UK's vote to leave the EU. Businesses may wish to continue to access EU markets. This will be facilitated if businesses reach a sound level of compliance and where at least equivalent provisions to those in the TSD remain embedded in UK law and regulation.

If you have any questions on this article please contact us.

Trade secrets and FinTech
Jonathan Rogers

      

Paul England





We examine how the Trade Secrets TSD will help FinTech.

"if your trade secret … is one of the 'crown jewels' of your business then you should set up some basic protections against its misuse …"