Trade Secret protection and big data
An Italian view
14 December 2018
Access to big data is currently regulated through rights in rem, by granting license rights. However, rights in rem are not enforceable against third parties. The upcoming national implementations of the EU Trade Secret Directive will provide an opportunity to Member States to facilitate suitable protection to investments made in big data and data science.
Trade Secret's protection and big data: an Italian view
The aim of intellectual property law is to reward investments made towards innovation. Nowadays, one of the most relevant drivers of innovation is data science, i.e. the techniques of analytics (models and algorithms) applied to 'big data' which is mined from several data lakes and collected from a number of sources (e.g. social networks, apps, web traffic, Internet-of-Things, etc).
However, the very concept of big data does not easily lend itself to 'classic' intellectual property protection. As such, enforcing rights in big data may prove to be a difficult task.
Enforcing rights in big data through 'classic' intellectual property rights
As far as patent law is concerned, courts subject patentability to the narrow condition that software solves a technical issue or improves a process (e.g. by reconfiguring data into different display sets, or by reformatting data from disparate sources), and not just executes routine operations (e.g. collecting or listing data) which an individual may do by hand.
The copyright protection to databases also only offers a limited scope of protection, since copyright covers the way data is compiled and not the content of the compilation (data) or the algorithm used. As recently confirmed in the EU Commission's report following the consultation on the Database Directive, the sui generis right in a database also provides limited protection. According to CJEU case-law on the matter, the creation of a database must be excluded from the relevant investment. Furthermore, the territorial limitation imposed on sui generis rights in databases (only enforceable within the European Union and few additional countries) clashes with the global nature of big data operations.
From a civil law standpoint, data per se cannot be owned as clarified by a number of case precedents all around Europe. That being said, access to data can be regulated: when granting access to a third party pursuant to a license agreement – in order to maximise the value of big data – contract law may provide legal basis for the data right holder to both seek reward for its investment in and to maintain control over data. However, competitors who are not party to the license agreement may still aim at taking a free ride off the back of the right holder who may then not be in a position to rapidly enforce its rights against these free riders.
Trade Secrets: can secrecy protect investment in big data?
Some Italian jurists are debating whether trade secrets could ensure confidentiality over algorithms and processes.
The issue is of particular interest in the EU, since Member States are about to implement the Trade Secret Directive. Implementing this directive may change the way trade secrets have previously been dealt with by affording a greater level of protection to big data processes and data science techniques.
The current Italian approach to trade secrets already considers these issues and could therefore be seen as an appropriate model for national implementation of the Trade Secret Directive. In particular, data mining and data analytics processes can meet the ordinary requirements imposed by articles 98-99 of Italian Code of Industrial Property which cover both 'commercial' (e.g., customer lists andmailing lists) and 'technical' know-how (e.g., data mining and data analytics, formulae, procedures, and techniques ).
Data mining and data analytics processes will likely fall under 'technical know-how'. These processes are secrets, i.e. they are not, as a body or in the precise configuration and assembly of the components, generally known among or readily accessible to persons within the circles. Data mining often entails a high degree of subjective judgment. These processes also have commercial value, in that the very goal of big data is to give the data holder a competitive advantage lying in the insights that can be inferred from data. Lastly, the data holder can easily adopt reasonable steps to keep the data secret, by employing technical measures of protection and/or legal measures, such as confidentiality and non-disclosure agreements, which, in any event, allow additional protection and easy-to-enforce contractual remedies against breaches of confidential processes.
In addition to license agreements, which can help the right holder regulate rights in and access to data, protection under trade secrets rules seems to be the best candidate to afford legal protection against third-parties' unauthorised use of big data and data science. The upcoming national implementation of the Trade Secret Directive into the EU Member States' regulations could be the first opportunity to expressly confirm this expectation.
See Also: -
Andrea Ottolia, Big Data e innovazione computazionale: http://www.giappichelli.it/big-data-e-innovazione-computazionale,9211234
Andrea Tuninetti Ferrari, Big Data: Balancing the Web User's and the Service Provider's Rights in the Big Data Era: http://dspace-unipr.cineca.it/bitstream/1889/3333/1/Andrea%20Tuninetti%20Ferrari%20-%20Tesi%20dottorato%20-%20Big%20Data.pdf