Starting June 2018, companies will be able to protect their “valuable know-how and business information”, also known as business secrets, thanks to a European directive from June 8th, 2016. This directive will be transposed into French law by June 2018 at the latest. Therefore, protection of business secrecy will be legally strengthened.
The purpose of this directive is to build a uniform legal framework that allows companies to protect almost automatically confidential elements at the origin of an innovation and thus develop collaborations between economic actors of the member countries of the European Union.
I – What is business secrecy ? Legal definition
The European Commission defines business secrecy as “valuable know-how and business information, that is undisclosed and intended to remain confidential”. More specifically, it sets out three requirements for the validity of a business secret:
- Requirement 1 : This information is secret in that “it is not […] generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question”.
- Requirement 2 : “It has commercial value because it is secret”.
- Requirement 3 : “It has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret”.
Examples include technological knowledge, business data related to customers or suppliers, business plans, strategic studies, and any other data or process that enables a company to make profit.
II – How to implement “reasonable steps” for the protection of business confidentiality?
Requirement 3 of the European Directive defines that the person must prove that the secret information defining business secrecy must have been subject to reasonable steps […] to keep it secret.
However, the order does not specify which reasonable steps must be taken to protect this secret information. Confidentiality agreements are one way of meeting this requirement. The computer security of confidential data is another. But beyond this technical protection, the first step consists in ensuring the proof of this secret information by time-stamping and certifying it.
In a concrete case, if an employee stole the models from company A before taking them to company B, how could he prove that company A was indeed at the author of the models ? Here, certification and time-stamping of the models by Company A would have proven to the judge that the models were stolen.
III – Blockchain technology to time-stamp and certify the integrity of business secret
Essentially, a blockchain is a digital register that operates without a central control body. On this register, there is no longer a need for a third party certifier such as a notary, the Soleau envelope, etc. which are responsible for creating certificates of authenticity; these can now be generated with a network of computers that store the proof of existence and integrity of a data.
This technology is of great interest to companies which see it as a digital data certification tool. It indeed allows to time stamp and create the proof of integrity of a data in a secure, durable and low cost way compared to existing solutions.
For business secrecy, it would be sufficient to write a description of all the confidential information that characterizes it and to create their digital fingerprint, equivalent to the fingerprint but for data: each data has its own digital fingerprint. If text data on a PDF document is changed by even a comma, its digital footprint will be completely different. This digital fingerprint is then added to the blockchain, allowing it to be time-stamped and guaranteeing its integrity.
Datatrust is a digital file certification solution that uses blockchain technology. Our platform has been designed to fit the needs of large companies, law firms and startups. Datatrust allows them to certify their data in a few clicks and edit a certificate in PDF format.