Young entrepreneurs and start-ups in particular may ask themselves why the protection of trade secrets is important at all and why it will become more important than ever in the future. In view of the regulatory issues that arise in the development and manufacturing of medical software, it is worth looking at the protection of intellectual property. Many manufacturers have or will have the sorrowful experience that it is a long way from the – often ingenious – idea to the regulatory conform product ready for sale. The knowledge gained during the development of a product – for example a medical software – is worth to be protected. Not only has the acquired know-how regularly swallowed up large sums of manpower and, in the end, money. In addition, the know-how behind the product is a serious economic factor.
Even if manufacturers had previously refrained from attempting to obtain intellectual property rights for the know-how they gained, the rules of the regulations on the protection of trade secrets aided them in any way. Formulas, recipes, samples, technical know-how, business plans or even data relating to market conduct of a company were previously protected as a trade or business secret – inter alia – by provisions of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG). However, these regulations concerning the protection of secrets are currently being replaced by the new trade secret act. The resulting changes also affect manufacturers of medical software. It is worth taking a closer look at changes in the following.
News on German Trade Secret Act
On 26 April 2019 the German Trade Secret Act (Geschäftsgeheimnisgesetz – GeschGehG) came into force implementing the Trade Secret Directive (EU) 2016/943 on an almost 1 to 1 basis. The aim is the prevention of unlawful acquisition, use and disclosure of trade secrets. It is supplementing already existing criminal, civil and civil procedure laws, as well as partly replacing unfair competition provisions. In more detail, the new act provides the basis for legal remedies against infringement of trade secrets, such as injunctive relief, destruction, surrender and recall, information, damages and the publication of court decisions, as well as it sets trade secret protection standards for trade secret disputes.
As a directive, the new European law – in contrast to a regulation such as the Medical Device Regulation (Regulation (EU) 2017/745 – MDR) – is not directly applicable in the Member States. Rather, the individual Member States had to transpose the Directive into national law, as has happened with the GeschGehG mentioned above. Therefore, the following explanations are based on German law, but can be generalized because of its European basis. As mentioned, the wording of the Directive has to a large extent been adopted exactly in the German law.
The two Key Changes
On the one hand, it is no longer enough to claim that a certain information was a trade secret as trade secrets are newly defined. Trade secrets (including technical and commercial knowledge) will only be regarded as such if the information was traceably and objectively subject to appropriate secrecy measures.
In addition to this new requirement, there is also the already known requirement that the information that is to be qualified as a trade secret must not be generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question.
On the other hand, the act contains a general permission of reverse engineering, which was until now in principle forbidden under German law.
The Effects on Manufacturers of Medical Software
What can we recommend to manufacturers of medical software wanting to protect their know-how in the future?
Take adequate trade secret measures. In particular, you should classify and document of trade secrets, establish a trade secret management, set-up confidentiality standards, and implement IT protection measures. Remember that it will no longer be enough to claim that a certain information was a trade secret. It will now be necessary to show which secrecy measures were taken to protect this information.
In order to prevent reverse engineering, one can contractually preclude it within the set civil law limits. Thus, as manufacturer you should update all relevant contracts and especially non-disclosure agreements.
Specific Requirements on Measures for Trade Secrets
According to Sec. 2 no. 1 lit. a) GeschGehG the person which would like to invoke on a Trade Secret needs to take reasonable steps to secure the information. If a step is reasonable according to Sec. 2 no. 1 lit. a) GeschGehG is subject to a case-by-case decision. Therefore, no general guidance can be given on how to protect each and every information as a secret. Nevertheless, in the statement of reasons of the German GeschGehG, you may find some hints what measures may be reasonable here.
How Can You Achieve Protection for Your Trade Secrets?
The requirements on a reasonable step are decisively influenced by the quality and characterization of the information that is to be qualified as a secret. Also, the circumstances of the use of the information are important regarding the assessment of a step as reasonable. Among other factors, the value of the information is crucial. Two protection options are conceivable:
- Protect your information contractually. You may implement this internally by means of employment contracts and externally by means of inter-company agreements with confidentiality clauses.
- Moreover, you should consider technical security measures. Technical security measures could be technical access barriers (e.g. passwords) or encryption of certain documents. Note, however, that not every single information to be qualified as a secret has to be specifically marked. It is enough if you design and implement measures for certain categories of information.
It is important to know that the burden of proof regarding the implementation and performance of reasonable steps is on the person or entity which is claiming and defending a trade secret. Therefore, best take care of reliable documentation of the security steps carried out.
Specific Requirements on Preventing Reverse Engineering
Reverse engineering means deconstruction and analysis of an object with the aim of discovering the structure and the hidden know-how contained. According to this definition, software can be reversly engineered, too. So far the already existing Sec. 69e German Act on Copyright and Related Rights (Urheberrechtsgesetz – UrhG) allows you only to decompile a software for interoperability reasons. Thus, it is possible, that a competitor purchases your medical software to analyze it and then be able to improve his own software. Or he even tries to sell a similar software.
According to the GeschGehG reverse engineering becomes lawful when the product has been made available to the public or the product is in lawful possession of the person that performs the reverse engineering, Sec. 3 para. 1 no. 2 GeschGehG.
We recommend two ways to protect your business from such actions:
- Sign contracts with your supply chain and economic operators in which they are obliged to omit any reverse engineering. Ideally, you sign these contracts with your competitors, too. However, it is questionable if they are willing to sign such contracts.
- Design your software in a secure way, e. g. to avoid the ingress of the developers of your competitors.
We like to thank Dr. Ulrich Spiegel for supporting us.