Industrial data and trade secrets: A balanced approach or an excessive mismatch?

(1)

Industrial data and trade secrets: A balanced approach or an

excessive mismatch?

By

Melissa Mata Agüero

LL.M. Candidate 2017/2018

Thesis directed by

(2)

Abstract

(5)

Acknowledgements

I would like to thank my thesis supervisor Prof. Dr. jur. Ansgar Ohly, Chair of Private Law, Intellectual Property and Competition Law of LMU Munich Faculty of Law (Ludwig-Maximilians-Universität München). Prof. Ohly besides from being one of the best lecturers of the MIPLC, his doors were always open when I needed advice during my writing. I thank him very dearly for his guidance and comments for this thesis.

(6)

Acronyms and Abbreviations

EU = European Union

GDPR = General Data Protection Regulation IoE = Internet of Everything

IoT = Internet of Things

IPRs = Intellectual property rights SME = Small to medium enterprise

TFEU = Treaty on the Functioning of the European Union

TRIPS = Agreement on Trade-Related Aspects of Intellectual Property Rights

(7)

Introduction

“Data’s value—its power, its meaning—is the very thing that also makes it sensitive. The more data, the more power. The more powerful the data, the more sensitive. So the tension we’re feeling is unavoidable.”1

Ever increasing datasets are produced and transmitted in the current digital world. This dissertation will focus on the industrial data generated in the context of the usage of machines in an industrial or private environment. For the purposes of this work, the analyzed legal issues will be centered towards non-personal data or at least anonymized data. Therefore, any regulation or act regarding personal data will be excluded from this research. The relevant industrial data for this study is that collected by sensors installed and connected in: industry manufacture, home appliances, means of transportation, farming machines, research experiments, among others.

In this context, the large datasets gathered must be further prepared and analyzed in order to provide them with a valuable meaning, interpretation and usage. Once data is processed, the results can be used for the enhancement of new technologies. These improvements can include better and more efficient ways to communicating, transporting, preventing deceases and even increasing security and providing solutions for the protection of the environment.

From a purely legal perspective, one major question that arises is which type of legal regime can be applicable to this industrial data, due that currently there is no specific regulation on it. This dissertation will dive in the question of whether trade secret law could be applicable for industrial data and if so, going through the necessary requirements for data to qualify as a trade secret and determine whether this protection is balanced between the interests of the holders and the interests of the users.

This work will be divided into three sections. The justification, definition of data, determination of legal interests behind data and comments regarding

(8)

(9)

I. Justification, legal interests and current

debate around data

1. Why Industrial data?

Data is everywhere and has a considerable impact on day to day life in general as well as businesses. Broadly speaking and for the purposes of this work, two of the accepted definitions of data that will be taken are: “machine-readable encoded information”2_{and “information in digital form that can be} transmitted or processed”.3_{Companies are using data primarily to improve} their decision making processes, operations and farther monetize the data they have under their control.4_{Moreover, data can be useful to gain efficiency in} machine performance, predict and diagnose breakdowns, get insights of the best moments for reaping, know consumers preferences and their opinion about goods and services, and so on.

The growth of data all over the world is increasing exponentially5_which is one of the things that make data scientists and researchers so busy to uncover the mysteries behind it. This phenomenon has been possible partly due of the Internet of Things (IoT) which plays an important role in enhancing a business operation due to the sensors attached in the devices that can detect in real time for example, the mal functioning of machines. This catchword (IoT) alludes to the connection of devices such as smartphones and TVs that gather and transmit data through the Internet.6

IoT and its ubiquity generates an impact in every single device connected to the internet. Also, this concept forms part of the bigger term Internet of Everything (IoE) which includes the connectivity not only of things but also

2_{Zech, H., “A legal framework for a data economy in the European Digital Single Market:} rights to use data”, (2016), Journal of Intellectual Property Law & Practice, Volume 11, Issue 6, 1 June, p. 462, quoting Zech, H., “Information als Schutzgegenstand” (2012), Mohr Siebeck, p. 32.

3_{"Data." Merriam-Webster.com. Merriam-Webster, n.d. Web.}

4_{Marr, B., Data Strategy, (2017), Great Britain, Kogan Page Limited, p. 8.}

5_{Siegel (supra n. 1), p. 113.}

(10)

people, businesses and data.7_{This situation has permitted the generation and} collection of data in levels that were unimagined before. Hence, granting the possibility of getting highly useful information to improve day to day usage of devices as well as creating potential for the progress of industries and generation of new innovative business models.

All of the above makes data a trend topic for the marketplace, businesses, consumers and users in general. Likewise, IoT and cloud computing play a key role in the fourth industrial revolution (industry 4.0). According to Marr, industry 4.0. brings the concept of “smart factory”, where networked computers are involved in the decision making process in a decentralized way, communicating among each other in real time.8

In these so called “smart factories” one of the roles of data is to operate as a communication language between different connected devices, serving to a higher purpose for a better decision making and enhancing the operation of a factory as a whole. This is the same case in smart devices and self-driving cars, in which the goal is also that they will be all connected to the Internet and communicate in real time with each other in order for automated driving to be fully feasible and put into practice.

In smart devices like house appliances connected to the Internet, part of the gathered data is used to improve the consumer experience and aid in the maintenance of the device, also as for the purchase of needed goods from the grocery store, for instance. Likewise, companies like John Deere offer a service to farmers in order for them to have access to data of the performance of machines, conditions of the soils and crops.9_{The implications of the usage} of data in this form rise questions as whether this data can be subject to factual or legal exclusivity, because otherwise it might be an obstacle to the sharing of data, in order to achieve the stated objectives of industry 4.0. to make able that devices communicate with each other in real time. This will be data as “a

7_{“(…) IoE provides links not only among things, but also data, people and (business)} processes. Evolution of current sensor and device networks, with strong interaction with people and social environments, will have a dramatic impact on everything from city planning, first responders, military, and health.” Di Martino, B., et al., (eds) Internet of Everything Algorithms, Methodologies, Technologies and Perspectives, (2018), Springer, Singapore, p. 2.

8_{Marr (supra, n.4), p. 11.}

(11)

communication language among devices and machines” which relates to the fact that many of the times data is used in “real-time”, and therefore has the specific feature that it is constantly changing,10_{raising up issues of access and} qualification for its protection. Also it poses questions regarding the interoperability of the information, specially within the proposal of the European Union (EU) Commission on the free flow of data, which intends there is portability for non-personal data.

Taking into account the big importance about data in the current scenario, the main issue that arises throughout the industrial data phenomenon is that it is not regulated at all in any specific legal provision.11_{What is indeed} protected is personal data, which is lex specialis under the General Data Protection Regulation (GDPR). Nonetheless, this dissertation will not focus on that type of data, hence, only in industrial data that currently lacks of specific regulation for its protection and access.

1.1 Classification and types of data

For delimitation purposes, the data to be analyzed will be non-personal and anonymized data. This is also due to the essential fact that personal data is under the umbrella of human rights12_{and thus, its regulation as a} fundamental right is above the parameters of trade secrets.

In order to make the legal analysis of trade secrets it is necessary to know the most relevant different classifications of data. This is due to the fact that depending on the type of data, its qualification under trade secrets protection might vary, as well as the further analysis of the balancing approach on the advantages for trade secrets holders versus users and the public interest. Thus,

10_{Surblytè, G. “Data as a Digital Resource”, (2016), Max Planck Institute for Innovation and} Competition, Research Paper No. 16-12, p. 3.

11_{Ibid., p. 1. See also Wiebe, A., “Protection of industrial data – a new property right for the} digital economy?”, (2017), Journal of Intellectual Property Law & Practice, Volume 12, Issue 1, 1 January, p. 66.

(12)

the most common types of classification of data are under the following categories:

Concerning the legal protection of data:

• Data in which property rights already exists such as music files protected by copyright law.

• Personal data subject to fundamental rights and privacy laws of data protection.

• Data that is neither protected by intellectual property rights (IPRs) nor data protection such as data produced by machines like sensor data.13

Concerning the personal aspect of data:

• Personal data is defined by the GDPR as any information related to an identified or identifiable natural person –directly or indirectly– in particular to an identifier like name, location, identification number, etc. 14

• Non-personal data is any information that does not fall in the previous category.

• Anonymized and pseudonymized data.15_{However, the latter has} also been called as “semi-personal data” due that it can eventually be traced back to the person.16

• With user’s input or machine – generated data. This will make a difference in whether the data is considered personal or non-personal.

Concerning the control of data:

• Internal data is any information a company possess or collect and is only controlled and generated by the company.

• External data is any information that exists outside the scope of the company. This can go from the range of public data to data

13_{Kerber, W., “Governance of Data: Exclusive Property vs. Access”, (2016), International} Review of Intellectual Property and Competition Law, 47, p. 760.

14_{Article 4, GDPR, EU 2016/679.}

15_{Esayas S., “The role of anonymisation and pseudonymisation under the EU data privacy} rules: beyond the ̳all or nothing‘ approach”, (2015) European Journal of Law and Technology, Volume 6, No 2, p. 4.

(13)

controlled by third parties like government data and weather data.17

Concerning how data is generated: Surblytè offers her types depending on how the data is made:

• Collected like personal and non – personal data.

• Created such as when is generated by a machine.

• Compiled like the cases of data sets.

• Re-engineered when it is derived from a reverse engineer method.

• Extracted when the source is other data such as the case of data analytics.18

Concerning the source of data: Kerber also makes the distinction based on the source of the data, whether it is:

• Voluntarily provided by the users in exchange of services,

• Captured by sensors, or

• Derived from other sources of data.19

Concerning the content layer:20 Professor Zech differentiates between the bits and bytes of digital data set or the “information” that the dataset contains.

• Data in a syntactic level is the representation or signs of the information, i.e. a photograph or text.

• In a semantic level is the particular meaning of the information or

• By its physical carrier is whether the information is represented by an object.21

17_{Marr (supra, n. 4), pp. 91 - 92.}

18_{Surblytè (supra, n.10), p. 8.}

19_{Kerber, W., “Digital Markets, Data and Privacy: Competition Law, Consumer Law and} Data Protection”, (2016), GRUR Int. 2016, p. 639.

20_{Zech, H. “Information as Property”, (2015) 6, JIPITEC 192, p. 194.}

(14)

Concerning the format of data:

• Structured data is fixed and stored in a specific record like spreadsheets such as customer and sales data, number of websites visits or machinery data like the temperature of a facility.

• Unstructured data is not on a specific format and it can be e-mail conversations or social media posts, that although include text, also may include video and photos.

• Semi-structured data is just something in between unstructured and structured data, like the tags and markers.22

Relevant for assessing the qualification of trade secrets are the classifications granted by professor Surblytè and professor Zech as it will be addressed in section number two of this thesis. This is because, although the other classifications assist in the understanding of the data panorama, from a strict trade secrets perspective do not make a difference for the analysis on the specific requirements for protection.

Moreover, the well-known concept of big data which is commonly referred to in regards of its four main components or “Vs”: volume, velocity, variety and veracity23_{will not be of much importance to this work. This is due} that, for the purposes of this thesis, any dataset whether it satisfies the four Vs or not, may be subject to the analysis of the applicability of trade secrets law to it.

1.2 Different scenarios on the use of data

Data can be used in a combination of ways involving several of the types of data mentioned above. It is relevant for this work to know some of the different scenarios in which data may be subject to use and trade, in order to understand the possible qualification of trade secrets for data. It may be for

22_{Marr (supra, n. 4), p. 88.}

(15)

scientific research purposes, for engine manufacturing, in the automotive, house appliances or farming industry as it will be seen as follows:

Smart cars and self-driving vehicles: For instance, Waymo’s (Google)24 equips cars with high tech sensors and software such as LiDAR25_{that gather} traffic and surroundings data for self-driving technology. Also all the data that is gathered currently by car manufacture in the context of smart cars gives

reliable insights about the user’s needs and additionally might be key in the

generation of new business models such as the ones related to the insurance industry and car rental and repair.

Predictive analytics: This is one of the areas in which the phrase “data is the new oil”26_{indeed makes a fit. Predictive analytics is a field of study or} technology that learns from data and predicts the behavior of people, tended to improve decision making.27_{Basically, it is a combination between} computer science and statistics to make predictions derived from data.28

Data markets: The controller of data might commercialize it, be it to innovate or improve its production as well as for selling additional services to customers, such as data analytics, or to other firms such as targeted advertising, making thus their generated data available to other firms as well.29_{This can be materialized according to Kerber “via data brokers, data} market places, and with many different business models and contractual agreements.”30

24_{Infra, n. 83.}

25_{“LiDAR stands for Light Detection and Ranging, which employs laser lights to create 3D} maps of an environment. It determines the distance between the laser light and a surface it bounces off of. A sensor on the device determines the time it takes for the laser to travel back to its origin. In a LiDAR sensor, thousands of laser lights are dispatched at a time. When the results are stitched together, the sensor returns an accurate 3D image.” Margulis, C., et al., “Waymo vs. Uber May Be the Next Edison vs. Westinghouse”, (2017) 99 J. Pat. & Trademark Off. Soc'y, p. 516.

26_{Siegel (supra, n.1), p. 115.}

27_{Ibid., p. 15.}

28_{Ibid., p. 16.}

29_{Kerber, W., “Rights on Data: The EU Communication ‘Building a European Data} Economy’ From an Economic Perspective”, (2017), in Lohsse, S., et al., (eds.), Trading data in the digital economy: Legal Concepts and Tools, Nomos, Münster Colloquia on EU Law and the Digital Economy III, p. 8.

(16)

Preserving the environment: through the gathering of data, new insights can be gathered that help to understand the challenges for the environment such as natural disasters like flooding and fight against climate change and reduce energy consumption through smart cities.31

Scientific research purposes: The research organization CERN operates the Large Hadron Collider (LHC), a physics experiment comprised of colliders in tunnels 600 feet below Switzerland and France, with the objective to replicate the universe conditions after the Big Bang and find insights of the configuration of the Universe32_{. It monitors and gather data through its} sensors, of millions of particles collisions which later on is analyzed by algorithms. The amounts of data needed to analyze are so vast, that they use “distributed computing”, composed of 170 computers in 35 different countries, mostly operated by partner academic organizations.33

Smart home appliances: In the house appliances industry there is a boom of “smart” versions of all the regular domestic machines like televisions, kitchen utensils, light installations, security cameras and more. For example, the company Nest – owned by Google34_{– offers sensors and tracking of daily} activity and data such as temperature, humidity and light, to determine the best temperature of the house.

Engine manufacture: The manufacturer of airline engines Rolls-Royce uses data to monitor and prevent problems in their products. To visualize their engines operations, they use simulations in which they gathered huge amounts of data, as well as the sensors embedded in the motors that gather data related to the functioning of their products.The use of data not only assist the company in the improvement of their engines, but also it has become a new business model and service called “Total Care”35_{which focuses} primarily on internal data.

31_{European Commission “What can big data do for you?} https://ec.europa.eu/digital-single-market/en/what-big-data-can-do-you (Accessed on August 25, 2018).

32_{Marr, B., Big Data in Practice, (2016), United Kingdom, John Wiley and Sons Limited, p} 11.

33_{Ibid., p. 15.}

(17)

Smart farms: John Deere offers data related services to its users. The service consists in real-time monitoring of the collection of data from their machinery. This has many possible uses such as for fuel consumption, equipment maintenance, data on which crops to plant and under what conditions, as well as the amount of fertilizers to use.36

Other uses: Data can be used in a wide variety of ways, some of them were not even mentioned in this section, such as data in sports, to preserve biodiversity and to protect animals. It is unclear how data will keep revolutionizing the current status of things, but it can keep striking dramatic changes in specific industries, like the case of Uber in which the service has proven to be very popular among its users but it is highly controversial from a legal perspective.

As per the examples stated above, how data is being practically applied by companies and their users can lead to different approaches on the legal aspects that must be taken into account. It is clear that most of the companies use it to improve their services and prevent loss of revenue in the maintaining of their equipment. However, some of this data is generated with the user’s input on day to day use and other is being gathered without the input of the user, such as in the construction process of a machine or weather or seismic data used to prevent disasters. This all has an impact on the legal assessment related to trade secrets, as it will be addressed in section two.

1.3 Interests behind the legal protection of data

There are at least three different interests in the legal protection of data. Firstly, there is the interest of the controller, producer or the so called “owner”37_{of data, who gathers data internally in its company, be it purely in} the developing of its products or in the developing of PC and mobile

36_{Marr (supra, n. 32), p. 76.}

(18)

applications and who usually invests in equipping its machines and devices with sensors. This data can be commercialized with the product itself or it can be used to improve the company’s business, develop new products, enhance user’s experience and, in general, get results from all the input that can be derived from data. The interest of the controller is to have legal protection for its data, mostly because currently there is no legal certainty as to not having neither ownership of industrial data nor principles for the free movement of data38_{. Therefore, the interest can be to have the maximum expression of full} ownership, which following Bayles it includes “the right to exclusive possession, the liberty of use, and the power of disposition”39_{. Furthermore,} property rights usually have effects erga omnes40_{and carry the right of} vindication mostly in civil law tradition systems.41_{Naturally, not even classic} IPRs such as patents and copyrights have full ownership rights, being thus limited in time and scope for example. Nonetheless, the interest behind the controllers is tending to have the most incidents of ownership as possible, in order for it to increase its value42_{and monetize data, be it by selling it per se,} or by adding value of products and services involving data. The interest behind it is to avoid the potentially unauthorized use or acquisition of data that will most likely involve a lessening of the controller’s rights and also can result in that competitors take an unfair advantage of the fruits of the company’s own labor.

38_{Kim, D., “No one’s ownership as the status quo and a possible way forward: A note on the} public consultation on Building a European Data Economy”, (2018), Journal of Intellectual Property Law & Practice, Volume 13, Issue 2, 1 February, p. 158.

39_{Bayles, M., “Property Law”. In Principles of Law. Law and Philosophy Library, (1987),} Volume 5, Springer, Dordrecht, p. 85. Also the author offers a more comprehensive list of incidents of ownership of property that are as follows: “The claim to possess. The liberty to use. The power to manage. The claim to income. The liberty to modify, consume or destroy. The power to transfer. The immunity from ‘expropriation’. The absence of term. The duty not to use harmfully. The liability to execution. The residuary character.”, pp. 86 – 87. 40_{Akkermans, B., “Property Law”. In Introduction to Law, (2014) Springer, Cham, p. 80.}

41_{Ibid., p. 87.}

(19)

Secondly, there is the interest of the private user of data, such as natural person, a researcher, or a company like a small to medium enterprise (SME). A private natural person might claim rights over data not only to use it but also to receive profits from their input in the generation and gathering of the data from the controller, on the grounds of ownership of the data that he or she generates and the input they add to the data sets of the controller. Also, third parties like insurance companies in the interest of smart cars for liability in accidents and smart home in cases of thefts or a calamity.

Thirdly, there is the interest of a public entity like a governmental agency that might need access due to public interest reasons. A government entity may claim rights of access over data from the controller in order to satisfy a higher public interest such as improving public infrastructure, highways, health issues, scientific research purposes or to preserve healthy competition in and for the marketplace . This is because as Surblyté states, there might be some weaker competitors that could not survive in the market without facilitation to access data,43_{as well as to address the possible “lock-in”} problem that can arise if the controllers impose unfair contractual terms or impose technical measures like encryption that will lock users into “exclusive data exploitation arrangements”.44

The first interest is more tending to the closeness and control of data, while the second and third interests are related to the access to data. Thus, data might be a key asset for a determined business and it is subject to be gathered and analyzed in a variety of ways. Depending on the type of data, the legal consequences for the different players might vary, as well as the interests behind the granting of access and factual control of the data.

(20)

2. Current EU debate and challenges presented behind the

protection of data

2.1 EU proposal to build a data economy

The EU Commission has been launching different communications with accompanying staff working documents with the purpose to “Building a European data economy”45_{and a proposal of regulation “for the free flow of} non-personal data in the European Union”46_{. The type of data to which the} Commission refers is non-personal (because otherwise this is already regulated by the General Data Protection Regulation) and machine generated data. In these documents the Commission stresses on the importance of data for the economic growth and create a policy and legal framework for the data economy. Several of the aspects that the document pose are the discussion of whether this type of data should be afforded ownership rights as well as the need of access rights for users of industrial data.

Some of these documents of the Commission have been studied in detail by authors as Daria Kim, who states that the communications are not being clear enough as to establish exactly the problem they are trying to address with those proposals.47_{Likewise, the same author points out that the} documents frame the legal issues “with a particular focus on the ownership -related aspects of the prospective legal framework”48_{but still do not make a} clear distinction between de facto “owners”, and de facto “control”, which must be differentiated due that de facto control do not grant ownership rights.49

45_{See at least the following communications of the European Commission with their} respective accompanying staff working documents: “Towards a common European data space” (25.04.2018), “Building a European data economy” (10.01.2017) and “Towards a thriving data-driven economy” (02.07.2014).

46_{See the Proposal of a regulation of the European Parliament and Council 2017/0228 (COD)} on a framework for the free flow of non-personal data in the European Union.

47_{Kim (supra, n. 38), p. 156. Also, the author concludes that : “On the substantive level, it is} uncertain what specific practices might be curtailing the potential of the data economy and what are the optimal conditions for enhancing the potential of data-driven innovation.”, p. 165.

48_{Ibid., p. 155.}

(21)

Additionally, Zech considers the Commission communication regarding the building of a EU data economy a “remarkable paper”,50_{due to its new} proposals as well as the promotion of a rich academic discussion around the topic, which in fact as it can be seen in this dissertation it had spurred numerous scholars positions.

The two options of the Commission to include rights for industrial data or also called machine generated data (non-personal or anonymized) are: a right

in rem or otherwise purely defensive rights like trade secrets.51

Also, the Commission proposes there should be access rights for the use, transfer and reuse of data, as well as exceptions52_{to this ownership right. In} light of that they suggest to create exempted cases such as where there is a public interest, a need of the manufacturer of the data to develop it product, public sector interest and for scientists in their research. All of the aforementioned must be regulated in detail and analyzed on a case by case scenario.

2.2 The grant of ownership to a data producer and the need of access rights

As it was stated, there at least three very specific interests behind the legal questions around data. Mostly because currently there is no legal regulation that particularly address the topic of industrial data. Thus, this section will go through the different academic positions behind a possible data producer’s right of ownership.

Could be driven by the automotive industry or by lawyers and academics53_{, but there is a big debate on whether there should be property} rights granted to data producers. This notion was mostly encouraged by the EU Commission in their “Building a European Data Economy” proposal, as

50_{Zech, H., “Building a European Data Economy”, (2017), IIC - International Review of} Intellectual Property and Competition Law, Volume 48, Issue 5, p. 502.

51_{Staff Working Document accompanying the Communication from the European} Commission “Building a European data economy”, (Brussels, 10.01.2017), p. 33.

52_{Ibid., pp. 35 – 36.}

(22)

it will be covered in the next section. The possibility and discussion is for granting a “data producer’s right”, creating exclusive rights over data. Majorly, the interests behind it are those of the controllers in the automotive industry, due to the developing of self-driving cars, as well as companies that produce or control data in general. There are strong arguments in favor of recognizing a degree of ownership to data producers, because they need freedom to conduct their business as well as to protect their investments and this data grants them a competitive advantage. However, here the distinctions of the different types of data play an important role due that the granting of protection might depend on the type of data, for instance whether it was generated with user’s input or not, or if it was merely a by-product of the main activity.

Authors like Aplin are keen to the rejection of property rights for data, for reasons such as the lack of economic justification behind it. Also, she applauds the policy of not granting property rights to trade secrets. 54

Surblytè is also emphatic in the rejection of protecting data by granting exclusive rights, due to the lack of justification of “propertization”55_{and the} possible negative impact, for instance in competition law as abuse of market dominance.

Professor Drexl is of the position that ownership rights for data might create a conflict of interests between the designed right holder and the other stakeholders.56_{Hence, he recommends the adoption of access rights in a} sector-specific manner and resorting to contract law57_{due that there are no} solid reasons in favor of exclusive rights for data.58

Leistner is accurate when he states that before asking about future rights for data or the question about if data ownership should be stablished, first one must assess whether the current legal provisions such as the sui generis right

54_{Aplin, T., “Trading Data in the Digital Economy: Trade Secrets Perspective”, (2017), in} Lohsse, S., et al., (eds.), Trading data in the digital economy: Legal Concepts and Tools, Nomos, Münster Colloquia on EU Law and the Digital Economy III, p. 64.

55_{Surblytè (supra, n. 43).}

56_{Drexl, J., “Designing Competitive Markets for Industrial Data - Between Propertisation} and Access”, (2016), Max Planck Institute for Innovation & Competition Research Paper No. 16-13, p. 37.

57_{Ibid., p. 41.}

(23)

or trade secrets protection play a role in the protection of data and what must be changed for these provisions to work and play a role in the data economy.59

Kim states that legal ownership rights over data will not diminish transaction costs nor the possible “lock-in” effect that could arise with de fact control.60_{Also, Determann considers it will hinder the free flow of} information.61

The professor of economics Wolfgang Kerber also shares the discrepancy to grant property rights to industrial data. He states that from an economic standpoint it is not recommended to grant exclusive rights to data given at least to three different reasons: First, it is difficult to identify what the subject matter will be, which will lead to legal uncertainty. Second, the whole idea will not really fit in the digital economy due that data needs to be accessed to drive innovation. Third, there is lack of evidence that there is an incentive problem for producing data62_{and furthermore the scenario seems to be quite} the opposite with ever increasing production and analysis of data. Likewise, there are no comprehensive studies that conclude a market failure problem is happening in order to justify an exclusive right for data producers.63

For professor Zech the issue of allocating a data producer’s right is worthy of consideration “(…) regardless of whether a company or a consumer act as data producers.”64

Hugenholtz is also strongly against the creation of a data producer’s property right as it is contemplated by the EU Commission in its 2017 “Building a European data economy” communication. For him, the situation

59_{Leistner, M. “Big Data and the EU Database Directive 96/9/EC: Current Law and Potential} for Reform”, (2017), in Lohsse, S., et al., (eds.), Trading data in the digital economy: Legal Concepts and Tools, Nomos, Münster Colloquia on EU Law and the Digital Economy III, p. 33.

60_{Kim (supra, n. 38), p. 163.}

61_{Determann, L. “No One Owns Data” (2018), UC Hastings Research Paper No. 265, p. 40.}

62_{Kerber (supra, n. 13), p. 761.}

63_{Kerber (supra, n. 29), p. 11. Furthermore Kerber is cautious about jumping to conclusions} due to the lack of research about in depth data economy problems when he states: “However, the main problem is that we are still at the beginning of theoretical and empirical research about important characteristics and problems of the data economy, and therefore we should be very cautious about conclusions whether and what type of market failures exists, and what policy measures might be suitable for solving them.”, p. 18.

(24)

will even reach to collide against fundamental rights and cause distort in competition, undermining scientific research and freedoms.65

Finally, Wiebe considers that making data the subject matter of IPRs will exclude access to data and can “shift from the principle of free use of information to a principle of protection of information.”66_{However, he further} states that is too early to provide a final assessment and thus there is need for more interdisciplinary research on the proposed subject.67

Another issue that arose from the boom of data is whether there will be a need of access to data, a sort of “data democratization” as it has been suggested, because currently there is a factual exclusivity on behalf of the companies that control data under their possession. For example, given the case that data becomes a communication means between machines, this could be needed for competition issues, interoperability reasons and research purposes or public interest. Again, on one hand this poses problems from the part of the companies fearing of being compelled to give away their data for free and whether they will need an incentive to produce the data. But on the other hand, since this is such a new topic with unknown possible uses in the future, practitioners and academics are trying to stay ahead and foresee the need of access in case that it becomes such a necessity that there is a need that this data is available for development of more innovation.

An additional issue is the right of user’s for example in the case of the automotive industry or the farming industry where the data from which the companies benefit so much is nurtured by the user’s input. This poses the question of what role does it play the fact that the user is putting so much input in the data, does the only benefit will be the so called of “receiving a better service”, or should they be entitled to a right on the data that they help to produce? In case of smart cars for example there can be two types of data, one generated in the production process but also one gathered in the use

65_{Hugenholtz (supra, n. 53), p. 77.}

66_{Wiebe, A., “Protection of industrial data – a new property right for the digital economy?”,} (2017), Journal of Intellectual Property Law & Practice, Volume 12, Issue 1, 1 January, p. 68.

(25)

process, because currently cars are not completely autonomous as they require the interaction and input of the user.

The businesses control their internal data68_{as part of their private} information. Also, they have factual exclusivity upon it, since they control and determine if (and to which degree) they want to provide access to others on their data. Although there is a strong legal debate and proposals on whether there should be an ownership right over data, in the practical spheres of businesses “owning”69_{and commercializing the data generated seems to be} the normal thing. As Marr points out:

“(…) if your key business processes are going to be based on certain data or if you intend to monetize data, it is very important to own that data, rather than rely on a third party’s supply of data. When data becomes a part of your core everyday operations or revenue stream, the business starts to rely on that data and it becomes a vital part of how you do business. It stands to reason then that you would own any data that your business relies upon. As I’ve said throughout this book, it’s important to think of data as a core asset, just like your employees, your intellectual property, and your inventory.”70

So, why would property or exclusive rights would be granted to data? There is no creativity involved, no novel inventions, it is just information that is being gathered. As it was pointed out previously71_{, data without insights} and proper analysis might not be that valuable in the present. Although it is true that from data new inventions can be derived like innovative products or services, the data as such is nothing more than raw material, that combines the input of machines, humans and external agents. As a reward for investment a certain kind of right could be granted, but then again, how to assess who made the investment? A very complicated and interest subject

69_{As stated before there is no strictly legal ownership over data, however the controllers of} data trade on it. As Kim points out on the difference of de facto control over data and ownership: “Likewise, a clear explanation that de facto control over data does not give rise to the right of ownership could inform industry contractual practice, since the concept of ownership seems to be “often misunderstood and/or misused” by businesses.” Kim (supra, n. 38), p. 160, quoting OECD, Data-Driven Innovation: Big Data for Growth and Well-Being, (OECD Publishing, 2015), p. 195.

70_{Marr (supra, n. 4), p. 152. Also regarding this topic Kerber accurately notes: “In the ICT} and business communities the term ‘‘data ownership’’ is used widely, but not in the sense of legal property but who is the de facto holder of data, and can therefore decide on the use and trade of these data.” Kerber (supra, n. 13), p. 760.

(26)

that nonetheless escape out of the scope of this dissertation. Consequently, a new proprietary exclusive right would either create confusion among who will be the rightsholder, or it will grant unbalanced amount of rights to a party that might not the real producer of data.

3. Comparative law example for the protection of

industrial data and case law

On May, 201872_{Japan passed the bill for partial revision of the unfair} competition prevention act73_{. It was approved in the context of industry 4.0.}74 to address valuable data that was not protected by traditional IPRs.75_The revised act will grant remedies against wrongful acquisition and use of protected data,76_{however, the translation to English is still not available in the} law translation site of the government of Japan.77_{The conditions for} protection of the data are: First, it should be protected by electromagnetic measures such as passwords. Second, it must be accumulated considerably. Third, it should be with a limited distribution on its scope for business.78

The characteristics they took into account for the protection of this “valuable data” are the easiness in which data can be duplicated, the fact that its circulation might cause rapid damage, as well as that is difficult to stop its

72_{Asia – Pacific Economic Cooperation, “Revision of Unfair Competition Prevention Act”,} 47th Intellectual Property Rights Experts Group Meeting, Port Moresby, Papua New Guinea,

(August 11 – 12 2018), p. 2. Available online at

http://mddb.apec.org/Documents/2018/IPEG/IPEG2/18_ipeg2_013.pdf (Accessed on August 29, 2018).

73_{Ministry of Economy, Trade and Industry, Japan., “Cabinet Decision on the Bill for the} Act of Partial Revision of the Unfair Competition Prevention Act, etc”, (February, 27, 2018), http://www.meti.go.jp/english/press/2018/0227_003.html (Accessed on July 12, 2018). 74_Ibid.

75_{AIPPI News, “Partial Revision of the Unfair Competition Prevention Act”, (June 18,} 2018), https://aippi.org/no-show/partial-revision-of-the-unfair-competition-prevention-act/ (Accessed on August 10, 2018).

76_{Asia – Pacific Economic Cooperation (supra, n. 72), p. 3.}

77_{See the last translated version: Japanese Unfair Competition Prevention Act, No. 47 of} May 19, 1993, Amendment No. 54 of 2015, (translated to English). Available online at http://www.japaneselawtranslation.go.jp/law/detail/?re=2&dn=1&x=0&y=0&co=1&ia=03 &yo=&gn=&sy=&ht=&no=&bu=&ta=&ky=unfair+competition+prevention&page=25 (Accessed on August 29, 2018).

(27)

circulation if it does not fall under the scope of copyright or trade secrets.79 Hence, some of their objectives is that this “protected data” is going to be shared among companies and will create new business as well as increase the value of services and products, bearing in mind data collection of smart cars such as road shape measurement and data of ships and weather data.80_The interests they are taking into account are as of the car manufacturer, the general user and the local government for example.81

This is a very interesting legal provision for at least two reasons: Firstly, it includes some resemblance to trade secrets protection such as the measures to protect the data, nevertheless, it does not require it to be secret but only of limited access or distribution. Thus, it was made with the intention – to use EU Commission terminology – to favor the “flow of the data”. Secondly, it grants civil remedies against the wrongful acquisition, use and transfer of the protected data.82

One of the most recent US cases regarding trade secrets is the Waymo v Uber case in which the discussion about secrecy of data for automated driving was addressed. Waymo is a subsidiary of Google83_{who sued Uber on} February 2007 on the grounds of violation of trade secrets law, among other claims, alleging that a former Google employee downloaded thousands of documents regarding Waymo’s driverless vehicle technology and then founded his own company which was later bought by Uber.84

Interestingly enough, Google engaged in automated driving technology before Uber, approximately six years earlier.85_{However, this interesting case} was settled out of Courts, most probably because the secrecy of the information and to avoid the exposure during a trial. The parties ended their

79_{Asia – Pacific Economic Cooperation (supra, n. 72), p. 4.}

80_{Ibid., p. 5.}

81_Ibid.

82_{Ibid., p. 3.}

83_{Waymo LLC v. Uber Techs., Inc., (2017), 870 F.3d 1350.}

84_{Ibid., at 1355. Thus, when referring to this case Waymo will be called Google.}

(28)

millionaire trial with a settlement valued in $245 million US dollars86_that Uber will pay Google.

Another giant in the self-driving development industry; Tesla87_{also sued} an employee for trade secrets misappropriation last June.88_{Tesla alleged the} former employee took confidential information protected by trade secrets from Tesla’s operating system and upload it to his personal email and cloud accounts to transfer it later to third parties.89_{Furthermore, Tesla obtained} document preservation subpoenas to Apple, Google and Microsoft90_{as well} as later to other providers like Facebook, WhatsApp and Dropbox in order to require them to preserve data and records from the former employee’s accounts.91

As it has been seen, currently there is a big legal debate and discussion revolving the lack of regulation of data. The judicial field has not escape of this discussion, with the appearance of more and new cases around data. Therefore, the justification on the study of the legal gap in industrial data is self-explanatory. The next section thus, will cover the possibility of protecting data as trade secrets, going through the legal requirements for the qualification of its protection.

86_{Forbes, “Uber Giving Waymo $245 Million Equity Payout To Settle Google Trade Secrets} Case”, (February 09. 2018) https://www.forbes.com/sites/bizcarson/2018/02/09/uber-waymo-settle-trade-secrets-google/#a53091c305ed (Accessed on September 3, 2018). 87_{Tesla is regarded as the third auto industry with the highest net value of the United States,} with a value of $51billion, only being behind Waymo ($70billion) and Uber ($68billion). Margulis (supra, n. 25), pp. 507 – 508.

88_{Tesla, Inc. v. Tripp, (2018), U.S. Dist. LEXIS 106678.}

89_Ibid.

90_Ibid.

(29)

II. Qualification of industrial data under Trade

Secrets

1. Can Trade Secrets be relevant for data?

Trade secrets have been addressed as a possible avenue to protect data, one of the reasons for this is because the EU Trade Secrets Directive, does not grant rights in rem to the subject matter of protection.92_{Thus, it is said to} avoid the unwanted93_{issue of granting ownership or rights to data.} Nonetheless, authors like Mark Lemley are of the view that trade secrets should be treated as intellectual property, which is a form of non-traditional property.94_{On the contrary, others like professor Bone, consider that trade} secrets are different from property rights as for they do not pose liability for mere appropriation and are based on the breach of “relationally” duties and not so much for theft.95_{Furthermore, professor Ohly considers trade secrets} to be in the borderline between intellectual property and competition law, given that they only protect against unfair behavior.96

Nevertheless, it must be determined whether trade secrets protection can adapt to the different types of data production and gathering that might require specialized protection for each case.

Trade secrets protects the qualification of secrecy of any type97_of information that has commercial value or grant a competitive advantage to its holder against unlawful acquisition, use or disclosure. Technological secrets are usually identified as know-how, while managerial secrets are a common

92_{Aplin (supra, n. 54), p. 64.}

93_{See further in the next subsection n. 3 of this section the different academic positions} regarding granting property rights to data.

94_{Among the reasons in which he stands is arguments for IPRs are: Trade secrets can be} controlled by its holder even after it left from its possession; Trade secret law provides incentives to innovate; It grants faster protection without the need of examination. Lemley, M., “The Surprising Virtues of Treating Trade Secrets as IP Rights”, (2008), Stanford Law Review, Volume 61, Issue 2, p. 326.

95_{Bone, R., “A New Look at Trade Secret Law: Doctrine in Search of Justification”, (1998),} 86 Cal. L .Rev., p. 244.

96_{Ohly, A., “Harmonising the Protection of Trade Secrets: Challenges and Perspectives”,} (2013), in de Werra, J., (ed.), La protection des secrets d’ affaires/ The Protection of Trade Secrets, Schulthess, Zürich, p. 35.

(30)

part of every enterprise. Both types of information are covered by trade secrets.

Trade secrets acquire especial relevance in the particular setting of industrial data, due to the fact that the EU Directive expressly states that it does not create exclusive rights over the information subject to trade secret protection.98_{This, among other things, maintains the possibility for the} information to be lawfully acquired through independent discovery and reverse engineering. Thus, the regulation that could be granted by trade secrets to data seems to surpass in some way the debate of whether there should be ownership of data or not.

It is clear that companies like Shell and Rolls-Royce, maintain secrecy99 regarding the way they collect and analyze their data. Whether this might qualify to get protection as a trade secret is another issue that will be analyzed in the following paragraphs.

2. Requirements for data to qualify as a trade secrets

In this section the specific requirements of data in light of the trade secrets requirements will be addressed. Also, the academic positions of different scholars that have addressed the issue of whether trade secrets can qualify to protect industrial data and if its suitable or not.

Basically, the definitions of trade secrets both in the United States (US) and the EU, encompass four general requirements: it must be information, that is secret, has commercial/economic value and subject to reasonable steps to keep it secret. What is protected is the misappropriation in the form of unlawful acquisition, use or disclosure. Essentially, these unlawful acts all occur without the consent of the trade secrets holder or by a conduct contrary to honest commercial practices.100_{In respect to the unlawful use or disclosure,} this can be also in breach of a confidentiality duty.

98_{Recital 16, Trade Secrets Directive, EU 2016/943.}

99_{“Although Shell, along with other oil and gas exploration and drilling companies, are} secretive about the exact nature of the analytics they employ, and the specific data they collect, they say they are more confident than ever about their ability to forecasts reserves, thanks to advanced Big Data analytics. (…) The exact measurements and of the analytics is a closely guarded commercial secret”. Marr (supra, n. 32), p. 22.

(31)

Following professor Mark Lemley, any trade secret claim must include three essential requirements: The information or subject matter of protection must qualify as a trade secret; the holder should have taken reasonable steps under the circumstances to prevent the disclosure and prove that the defendant misappropriated the trade secret.101_{After all, information subject to trade} secrets protection does not have to be in any particular format. Hence, the law will apply to any kind of information regardless the type of file.102

a) Is data Information secret or not generally known?

Information can mean any type of it, due that the EU Trade Secrets Directive does not make a distinction on this aspect. Actually, for trade secrets protection to be afforded, unlike regular IPRs, there is no subject matter of protection.103_{Furthermore and highly relevant, what is protected is} not the information itself, but the secrecy aspect of it and the taken steps to protect that secrecy.104

Secrecy is the most important requirement, it will be granted to industrial data if this was not made publicly available like in the case of open data or open source software, in which case there could not be trade secrets protection for it. This condition means that information must not be generally known or readily accessible105_{and it alludes to the fact that more than one person can}

101_{Lemley (supra, n. 94), p. 317.}

102_{Snyder, D., et al., Trade Secret Law and Corporate Strategy, (2015), Mathew Bender &} Company, Inc., a member of LexisNexis. New Providence, NJ, p. 70.

103_{“It is common to read that ‘ . . . there is no specific subject matter criterion for a trade} secret. As long as the definitional elements are met, virtually any type of information can be a trade secret’. This is partially true. Indeed, unlike intellectual property rights, there appears to be no exclusion or limit to what can be protected as a trade secret. Sousa e Silva, N. “What exactly is a trade secret under the proposed directive?”, (2014), Journal of Intellectual Property Law & Practice, Volume 9, Issue 11, 1 November, p. 927, quoting Hoffmann-La Roche Inc v Yoder, 950 F Supp 1348, 1357 (SD Ohio 1997).

104_{Sousa e Silva on this aspect: “It should be noted that the object of protection is not} information itself, but the measures to protect it. There is no absolute protection of information (see recital 10) as revealed by the exceptions of independent discovery and reverse engineering. Only acquisition, use or disclosure of a trade secret by improper means represent a violation of the trade secret.” Ibid.

(32)

be aware of the secret, as long as it is not known in general. Thus, the secrecy requirement is not absolute.106

Readily ascertainable is related to the fact that it is not economically likely to get the secret.107_{It was already noted in the landmark case Kewanee Oil Co} v Bicron that the element of secrecy will remain as long as the holder of the trade secrets reveals it to other “in confidence” with an obligation not to use or disclose.108

Consequently, it is quite straightforward that in the cases in which the data is not generated purely in an internal way within the company and it has input from either uses or public sources, the only information that might qualify as a trade secret is the combination and specific arrangement109_{of that data with} the added plus of the company’s own input to it.

Therefore, combination is the key to have protection of trade secrets. This is the one that must be secret, the exact configuration according to the circumstances. This implies that a data set may include even public information and it still qualifies as bearing the secrecy requirement, as long as the dataset as such is not generally known.110

Information has to be well identified and separate from that one that is not secret or is generally known in a particular company. For Wiebe, the secrecy requirement for data might be challenging to achieve due to the high level of interconnected devices with IoT and industry 4.0.111_{Furthermore, the author} makes a difference between data and information, being data “information in the state of storage and transport”,112_{differentiating also among syntactics,} semantics and pragmatics. Nonetheless, this conceptual difference will not be

106_{“A general and usual distinction is between absolute and relative secrecy. Taken to the} extreme, absolute secrecy would mean knowledge nobody possesses, whereas relative secrecy could represent the exclusion of a single competitor from shared knowledge in the industry.” Sousa e Silva (supra, n. 104), p. 928.

107_{Quinto, D., et al., Trade Secrets Law & Practice, (2014), Mathew Bender & Company,} Inc., a member of LexisNexis. New Providence, NJ, p. 17.

108_{Kewanee v. Bicron, (1974), 416 U.S. 470, at 475.}

109_{Article 2 (1) (a), Trade Secrets Directive, EU 2016/943.}

110_{Surblytè (supra, n. 10), p. 9.}

111_{Wiebe (supra, n. 66), p. 65.}

(33)

taken into account for the assessment of qualification for trade secrets because both can be kept secret and thus might have commercial value.113

But is information the data as such? Or the meaning contained in it?114_Is that really relevant for assessing whether data qualifies as information within the meaning of the trade secrets directive? Probably not. The threshold for trade secrets is too low to worry about this differentiation. Perhaps in other spheres of law this differentiation is relevant, but for trade secrets it is certainly not.

b) Does data have commercial value?

EU Trade Secrets Directive states on Article 2115_{the definition of trade} secrets, including that the information must not be trivial116_{which is not an} uncontested topic meaning is unknown for the time being and its commercial value of the information can be actual or potential.117_{While this might be} interpreted as saying that industrial data qualifies as to have commercial value, the Commission considers a different approach when being hesitant to afford individual machine generated data commercial value – though, for the case of datasets, they do not doubt of its value.118

In respect to the independent economic value, this refers to the fact that the information is not generally known by those that might get value from its use. According to Quinto, this has been interpreted by the Restatement of Torts Section 757 placing weight in whether developing information was costly or not.119

113_{Infra, n. 129.}

114_{Making this differentiation would be in line with Zech’s classification of data on a} syntactic, semantic and physical carrier level, (supra, n. 20).

115_{Article 2 (1), Trade Secrets Directive, EU 2016/943.}

116_{Recital 14, Ibid.}

117_Ibid.

118_{Specifically the Commission states: “It is doubtful that individual data generated by} interconnected machines and devices could be regarded as "trade secret" in the sense of this Directive, mostly because of its lack of commercial value as individual data; however, combination of data (datasets) can be trade secrets under this Directive if all the criteria are met. Indeed, if such data is shared without being subject to sufficient protection measures to keep it secret, the Directive does not apply.”, (supra, n. 51).

(34)

Nonetheless, there is a clear competitive advantage in the possession of data as an asset that can determine the success of a business. As Marr points out:

“(…) a company’s ability to compete will increasingly be driven by how well it can leverage data, apply analytics and implement new technologies. (…) In business, information is power, and big data is providing information we couldn’t have dreamed of collecting or analyzing just a few short years ago. Companies that don’t evolve and embrace the data revolution will be left behind. ”120

This poses the reality that is all about market competition and the fact that if companies do not keep up with the data revolution they will be left behind. This happened to companies such as Kodak or Nokia that couldn’t cope with the newest technologies and despite they used to be very well positioned and have huge market power, disappeared due to technology obsolesce.

Behind every business there is the primary interest of having profits, therefore, if there is an opportunity to monetize the transactions or gain value derived of a “data democratization”, it will make sense that major companies will go for it. However, if this gathered and analyzed data renders so much value and competitive advantage in comparison with other businesses, it seems unrealistic that the sharing approach will occur willingly from the side of the controlling companies. This is because data indeed has become an asset. An example of this is the purchase of “The Weather Company” by IBM, which was bought based on the data owned by the company.121

Another significant aspect is that data as such is not necessarily of much value to a company if they do not have a proper data strategy. A suitable data strategy122_{relates to the core business plan and long term objectives of the} business, therefore it makes sense that companies will keep it secret123_{, in} order to avoid being outsmarted by their competitors. The Trade Secrets

120_{Marr (supra, n. 4), p. 16.}

121_{Ibid., p. 31.}

122_{“(…) simply collecting data or even analyzing it isn’t the end game of a data strategy.} Instead. it’s about how you use the information you glean from the data. It’s about the processes you improve, the better decisions you’re able to make, the business value you add. Data for data’s sake is meaningless.” Marr (supra, n. 4), pp. 33-34.

(35)

Directive talks about commercial value and excludes trivial124_information, but still the scope of protection is really high, due that the value might be potential according to the same recital.

In this regard, as Aplin points out, the Commission is not keen to consider “datum” or individual data such as the one created by interconnected devices will be deemed to have commercial value.125_{And furthermore she states:}

“(…) it is not within the spirit of the Directive to protect datum as trade secrets. This is for two reasons. The first is that Art. 2(1)(a) refers to secrecy of the information ‘as a body or in the precise configuration and assembly of its components’. This suggests that the subject matter of protection is not datum. The second reason is that protection of datum would sit uncomfortably with the rationale of the Directive, since it is hard to imagine individual pieces of data in isolation as the basis for innovation, knowledge generation or sharing.”126

This accurate notion to not consider “datum” as bearing commercial value seems to rule out the claims for individual users on the protection of their individual data as a trade secret, leaving no room for discussion of whether they are entitled for protection of the data and input they generate for the larger data sets controlled by the trade secret holder. Likewise, this will clear out the questions posed by professor Aplin regarding whether the notion for trade secret holder will be ambiguous relating datasets from sensor on devices. She poses that it will not be clear who will the controller be in those cases, whether the manufacturer or the owner of the devices.127_{However, this} individual pieces of data will qualify as “datum”. Therefore, ruling out the qualification of trade secrets for that and giving room for the idea that the controller will be the company who has the bigger combination of all the individual data that is collected from the different sensors, rendering this as a bigger and specifically crafted dataset.

Regarding the classification of data given in the previous section, in the case of internal data, fully developed by a company without the input of users or external sources, it makes more sense to pose the question of whether this

124_{Recital 14, Trade Secrets Directive, EU 2016/943.}

125_{Aplin (supra, n. 54), p. 64.}

126_{Ibid., p. 66.}

(36)

type qualifies as trade secrets and the commercial value requirement. This scenario will be in line of professor’s Ohly view of drawing a parallel between privacy and trade secrets law when he states that “enterprises need a protected “laboratory zone” where technology can be tested and where business strategies can be discussed confidentially.”128

Nonetheless, the threshold for assessing the commercial value requirement seems to be really low, since it is mainly connected to the secrecy requirement. As Surblytè explains:

“(…) information as such does not need to be valuable (simple information may qualify for trade secret protection as long as the fact that a company keeps it secret grants it a competitive advantage). The value of a trade secret may stem from the fact that information is kept secret.”129

Thus, it is clear with a high degree of certainty that the condition of having commercial value will be met by datasets or combination of data, as long as it is kept secret by its controller. Also, the US Courts of Illinois refer to six restatement factors to determine if a trade secret exist, which are the following:

“(1) the extent to which the information is known outside of the plaintiff's business; (2) the extent to which the information is known by employees and others involved in the plaintiff's business; (3) the extent of measures taken by the plaintiff to guard the secrecy of the information; (4) the value of the information to the plaintiff's business and to its competitors; (5) the amount of time, effort, and money expended by the plaintiff in developing the information; and (6) the ease or difficulty with which the information could be properly acquired or duplicated by others.”130

These factors might help to ascertain on a case by case scenario if overall the information claimed to be secret indeed is. It is not crystal clear if the information subject to trade secrets must be true,131_{which is noteworthy for}

128_{Ohly, A., “Reverse Engineering: Unfair Competition or Catalyst for Innovation?”, (2009),} in Pyrmont, W., et al., (eds.), Patents and Technological Progress in a Globalized World: Liber Amicorum, Joseph Straus, MPI Studies on Intellectual Property, Competition and Tax Law, Volume 6. Springer, Berlin, Heidelberg, p. 546.

129_{Surblytè (supra, n. 43), p. 6.}

130_{Fast Food Gourmet, Inc. v. Little Lady Foods, Inc., (2008), 542 F. Supp. 2d 849 at 862.}

Industrial data and trade secrets: A balanced approach or an excessive mismatch?