Austria: Trade secret protection confirmed
Managing IP is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement
Cookies Settings

Austria: Trade secret protection confirmed

Managing IP Correspondent
February 22, 2017

Both parties in this case produce and commercialise ticket and entry systems for skiing areas, stadiums and similar establishments and have the same customer circles. The plaintiff additionally runs server installations for internet use by its customers, who use its systems to store clients' data. This data is protected by a login requiring a username and password. The data can be read in the form of reports, for example concerning names and addresses of buyers of tickets. The same is possible on a server of a larger customer on which the plaintiff runs that application for the customer. These reports were routinely stored on caches as intermediate storage media.

In 2015 an employee of the defendant began to connect to the server by circumventing the password protection. No usernames and passwords were disclosed to the plaintiff. That employee had taken a picture of the computer screen at a customer who made an analysis of competitors and therefore had invited the defendant. From that photo a certain internet address (URL) could be gathered. By trial and error and slight modification of that URL also other reports could be downloaded. Only in February 2016 had the plaintiff installed enough changes which ended the intrusion of the defendant.

The defence centered on three topics, namely, (1) there is no trade secret since the data was easily retrievable, (2) there is no trade secret of the plaintiff, therefore it has no active legitimation to sue, and (3) there is no proof of an act against law or moral since it remained open whether the respective customer had consented to the screen being photographed and the onus of proof lies with the plaintiff. But the defendant lost in all three instances. The Supreme Court found (4 Ob 165/16t):

  • These data are trade secrets. The hitherto valid definition of trade secrets in Austria is: technical or commercial facts and knowledge only known to a certain limited number of persons and which should not become known to others and there is an economic interest that they remain secret. The will to keep these facts and knowledge secret need not be declared clearly. It suffices that it can be deducted from the behaviour of the entrepreneur that certain not generally available information should be kept within a restricted circle.

    This prerequisite is met with data that can only be read regularly by logging into a database protected by a username and password. This protection shows that the data is restricted to a certain circle of persons. The existence of security loopholes – as apparently present in this case – does not allow the conclusion that the entrepreneur no longer has any interest in keeping the data secret. Third parties would have to guess that the entrepreneur had no knowledge about these loopholes.

    The Directive (EU) 2016/943 of June 8 2016 on the protection of undisclosed know-how and business information (trade secret) against their unlawful acquisition, use and disclosure published in the official Journal of the EU No L 157/1 does not disprove that finding. The third part of the definition in Article 2 paragraph 1(c) states that trade secrets are protected if the information "has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information to keep it secret". It does not matter whether this part of the definition could eventually mean that no loopholes for easy access have to exist besides the central protection by password since member states are allowed to grant a wider protection as required by that Directive. Therefore, sensibly restricted password protection is for the time being sufficient to grant trade secret protection.

  • Here, the data is (also) a trade secret of the plaintiff. The customer's data is in the custody of the plaintiff and the plaintiff has a strong own interest in the secrecy. Without it the contracts with the customer would not be renewed and severe danger claims from the customers would be threatening. These two conditions, right of disposal and own interest in secrecy, suffice for an active legitimation to sue.

  • There can be no doubt in the illegality of retrieving data by intrusion into another's computer system. The defendant centres the legality of its acts on a supposed allowance of the customer to take a picture of the computer screen. But that is irrelevant. It does not follow from that allowance that there is consent to download his own data and even less to download data of other customers.

In effect all three aspects of the defence were unsuccessful.

This case shows that trade secret protection is alive in Austria. We shall see in what way the EU Directive on trade secret protection will enhance that protection.

sonn.jpg

Helmut Sonn

SONN & PARTNER Patentanwälte

Riemergasse 14

A-1010 Vienna, Austria

Tel: +43 1 512 84 05

Fax: +43 1 512 98 05

office@sonn.at

www.sonn.at

Topics

AustriaPatentsEuropeJurisdictions
managing-ip.png
Managing IP Correspondent
Contact
more from across site and ros bottom lb

More from across our site

Patents
Documents locked with padlock and chains.
This week on MIP: Behind UPC transparency win, Orrick and Fieldfisher boost IP teams
We provide a rundown of Managing IP’s news and analysis from the week, and review what’s been happening elsewhere in IP
Max Walters, April 19, 2024
MIP+ WcW 680x383 Client Management@4x.png
What Corporates Want: client management
Law firms that pay close attention to their client relationships are more likely to win repeat work, according to a survey of nearly 29,000 in-house counsel
Sukanya Sarkar, April 19, 2024
Copy of Copy of LMG smc 1200 x 627 (750 x 500 px) (1).png
Legal Benchmarking Group DEI Awards EMEA
The EMEA research period is open until May 31
John Harrison, April 18, 2024
Patents
Business Networking. Generative AI
Law firm leaders: proving value to clients goes beyond ‘simple metrics’
Practitioners analyse a survey on how law firms prove value to their clients and reflect on why the concept can be hard to pin down
Rani Mehta, April 18, 2024
Patents
MIP Podcast newsletter header banner sample-2000.jpg
The IP Lounge: Kevin Mooney on his half-century in IP law
The winner of Managing IP’s Life Achievement Award discusses 50 years in IP law and how even he can’t avoid imposter syndrome
Max Walters, April 18, 2024
Patents
Saya Choudhary profile pic.jpg
Behind the case: How Singh & Singh scored record SEP win for Ericsson
Saya Choudhary of Singh & Singh explains how her team navigated nine years of litigation to secure record damages of $29 million and the lessons learned along the way
Sukanya Sarkar, April 18, 2024
Awards
Copy of Copy of LMG smc 1200 x 627 (840 x 439 px).png
LMG DEI Awards 2024: Americas Shortlist revealed
The full list of finalists has been revealed and the winners will be presented on June 20 at the Metropolitan Club in New York
John Harrison, April 17, 2024
Trademarks
Artboard 1@4x.png
Fieldfisher boosts German IP team with quadruple hire
A team of IP and media law specialists has joined from SKW Schwarz alongside a former counsel at Sky
Max Walters, April 17, 2024
Patents
Ha'penny Bridge in Dublin
Luck running out for Irish UPC hopes
The Irish government has delayed a planned referendum on whether Ireland should join the Unified Patent Court, prompting concern about when a vote may take place
Max Walters, April 17, 2024
Awards
Awards weekly take.jpg
Weekly take: Reflections on a record Managing IP Awards
With more than 250 winners recognised during the ceremony, there are many reasons to be positive about the health of the IP industry in EMEA
Max Walters, April 17, 2024
Gift this article