Austria: Trade secret protection confirmed
Managing IP is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Austria: Trade secret protection confirmed

Both parties in this case produce and commercialise ticket and entry systems for skiing areas, stadiums and similar establishments and have the same customer circles. The plaintiff additionally runs server installations for internet use by its customers, who use its systems to store clients' data. This data is protected by a login requiring a username and password. The data can be read in the form of reports, for example concerning names and addresses of buyers of tickets. The same is possible on a server of a larger customer on which the plaintiff runs that application for the customer. These reports were routinely stored on caches as intermediate storage media.

In 2015 an employee of the defendant began to connect to the server by circumventing the password protection. No usernames and passwords were disclosed to the plaintiff. That employee had taken a picture of the computer screen at a customer who made an analysis of competitors and therefore had invited the defendant. From that photo a certain internet address (URL) could be gathered. By trial and error and slight modification of that URL also other reports could be downloaded. Only in February 2016 had the plaintiff installed enough changes which ended the intrusion of the defendant.

The defence centered on three topics, namely, (1) there is no trade secret since the data was easily retrievable, (2) there is no trade secret of the plaintiff, therefore it has no active legitimation to sue, and (3) there is no proof of an act against law or moral since it remained open whether the respective customer had consented to the screen being photographed and the onus of proof lies with the plaintiff. But the defendant lost in all three instances. The Supreme Court found (4 Ob 165/16t):

  • These data are trade secrets. The hitherto valid definition of trade secrets in Austria is: technical or commercial facts and knowledge only known to a certain limited number of persons and which should not become known to others and there is an economic interest that they remain secret. The will to keep these facts and knowledge secret need not be declared clearly. It suffices that it can be deducted from the behaviour of the entrepreneur that certain not generally available information should be kept within a restricted circle.

    This prerequisite is met with data that can only be read regularly by logging into a database protected by a username and password. This protection shows that the data is restricted to a certain circle of persons. The existence of security loopholes – as apparently present in this case – does not allow the conclusion that the entrepreneur no longer has any interest in keeping the data secret. Third parties would have to guess that the entrepreneur had no knowledge about these loopholes.

    The Directive (EU) 2016/943 of June 8 2016 on the protection of undisclosed know-how and business information (trade secret) against their unlawful acquisition, use and disclosure published in the official Journal of the EU No L 157/1 does not disprove that finding. The third part of the definition in Article 2 paragraph 1(c) states that trade secrets are protected if the information "has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information to keep it secret". It does not matter whether this part of the definition could eventually mean that no loopholes for easy access have to exist besides the central protection by password since member states are allowed to grant a wider protection as required by that Directive. Therefore, sensibly restricted password protection is for the time being sufficient to grant trade secret protection.

  • Here, the data is (also) a trade secret of the plaintiff. The customer's data is in the custody of the plaintiff and the plaintiff has a strong own interest in the secrecy. Without it the contracts with the customer would not be renewed and severe danger claims from the customers would be threatening. These two conditions, right of disposal and own interest in secrecy, suffice for an active legitimation to sue.

  • There can be no doubt in the illegality of retrieving data by intrusion into another's computer system. The defendant centres the legality of its acts on a supposed allowance of the customer to take a picture of the computer screen. But that is irrelevant. It does not follow from that allowance that there is consent to download his own data and even less to download data of other customers.

In effect all three aspects of the defence were unsuccessful.

This case shows that trade secret protection is alive in Austria. We shall see in what way the EU Directive on trade secret protection will enhance that protection.


Helmut Sonn

SONN & PARTNER Patentanwälte

Riemergasse 14

A-1010 Vienna, Austria

Tel: +43 1 512 84 05

Fax: +43 1 512 98 05

more from across site and ros bottom lb

More from across our site

A team of lawyers who joined Norton Rose Fulbright from Polsinelli say they were drawn to the firm's global platform
We provide a rundown of Managing IP’s news and analysis from the week, and review what’s been happening elsewhere in IP
Lawyers say a ruling concerning liability for trademark infringement could give company directors an easy way out and create litigation uncertainty
The LMG Life Sciences Awards announces the winners for the 5th annual awards
Some US lawyers have strengthened their connections with European firms as they help clients determine whether the UPC will become a 'centre of gravity'
In the latest episode, the team discusses the battle to take control of listed company and IP business Qantm IP, and looks at some recent hiring trends
To mark Mental Health Awareness Week, lawyers explain how they manage their mental health, and how they pluck up the courage to ask themselves difficult questions
IP lawyers unpick a case heard at the CJEU’s Grand Chamber this week that could potentially create a new world for litigation in Europe
A lawyer who replied to a cease-and-desist letter with just two words has shown others how to deal with vexatious infringement allegations
The suggested rule change surrounding terminal disclaimers could ease the burden on defendants, but risks complicating prosecution strategies
Gift this article