TY - JOUR AU - Sappa,, Cristiana AB - Big Data, IoT and AI are the three interrelated elements of the algorithmic society, responsible for an unprecedented flourishing of innovation. Companies working within such an algorithmic society need to protect the information created and stored for entrepreneurial purposes. Thus, their concerns relate to data protection, in particular with regard to trade secrets and the sui generis protection of databases. This paper tries to answer two questions from a EU and US law perspective. First, it asks whether data generated and managed within the frameworks of Big Data, IoT and AI meet the essential requirements to enjoy trade secret protection and the database right, if any. The answer seems to be in the affirmative in most cases. Second, it studies whether trade secrets and the sui generis right are appropriate in a sharing-based paradigm, such as that of Big Data, IoT and AI. The focus on this upstream protection helps to understand the bottlenecks created at the downstream level, which challenge innovation and transparency, as well as consumer protection. In other words, when both exclusive rights (the sui generis protection for databases) and quasi-intellectual property rights (trade secrets) are present, innovation and the circulation of information are not necessarily promoted, and the presence of this double protection may be beneficial to big businesses only. On the other hand, the presence of mere trade secrets does not seem to utterly exclude an encouragement to innovation and the circulation of information and it is therefore more suitable to SMEs and to safeguard the public interest. According to a non-exhaustive notion, Big Data is the huge amount of digital data generated from transactions and communication processes1 collected in datasets, in particular via apps, sensors and other (smart) devices, which regularly lead to predictive analyses via complex algorithms and processors. The Internet of Things (IoT) is a network of interconnected physical objects, each embedded with sensors that collect and upload data to the Internet for analysis or monitoring and control, such as smart-city traffic and waste-management systems. IoT generates and is built upon Big Data. Artificial Intelligence (AI) is created by the interaction between intelligent agents, ie devices perceiving inputs from their environment and being able to reproduce methods and achieve aims. In other words, intelligent agents are able to reproduce cognitive human functions, such as learning and problem solving. AI generates Big Data and its functionalities extend beyond IoT. Big Data, IoT and AI are the three interrelated elements of the algorithmic society,2 responsible for an unprecedented flourishing of innovation,3 which no longer seems to require the same outside incentives of the conventional world. Companies working with Big Data, IoT or AI need to protect the information stored against the unfair practices of (former) employees,4 collaborators and other market operators. Data protection via intellectual property rights (IPRs), personal data rules and also contractual and technical measures ensuring confidentiality – as well as a competitive advantage5 on the market – have become a major concern of companies (and consumers).6 This paper does not study all of the above-mentioned rights.7 Instead it focuses on two IPRs only. More precisely it discusses how trade secrets and the sui generis right for databases fit with the algorithmic society from a EU and US law perspective. These forms of protection were introduced prior to the advent of Big Data, IoT and AI. In particular, trade secrets protection was first introduced (in different ways) at the national level within the geographical areas covered by this work;8 only at a later stage did both the US and EU adopt measures to ensure a more harmonized legal regime. On the other hand, the sui generis right for databases was introduced in the EU only, while the US has not implemented it and has consistently shown a clear reluctance for such form of protection.9 This analysis tries to answer a two-fold question. The first one is whether data generated and managed within the frameworks of Big Data, IoT and AI meet the essential requirements to enjoy the above-mentioned protections of trade secrets and the sui generis database right, if any. The answer seems to be in the affirmative in most cases. The second question is whether trade secrets and the sui generis right are appropriate in a sharing-based paradigm, such as that provided by the computational innovation generated by the above-mentioned phenomena of Big Data, IoT and AI. In particular, the focus on this existing upstream protection helps to understand the bottlenecks that may be created at the downstream level, which challenge innovation and transparency as well as consumer protection. In other words, when both exclusive rights (such as the sui generis protection of databases) and quasi-IPRs (such as trade secrets) are present, innovation and the circulation of information are not necessarily promoted, and the existence of this double layer of protection seems to be beneficial to big businesses only. On the other hand, the mere presence of trade secrets as currently designed needs further study, but in principle it does not seem to exclude an encouragement to innovation and the circulation of information, and would therefore have more favorable results for SMEs and community interests as a whole. In order to answer these suggested questions, Section I will provide information on the current legal framework of trade secrets in EU and US law, and the sui generis right for databases in EU law. Section II will try to answer whether trade secrets and the sui generis right apply to the phenomenon of the algorithmic society. Finally Section III will discuss whether exclusive rights and quasi-IPRs are suited to the newly emerging algorithmic society. I. The Current Forms of Protection 1. Trade Secrets Trade secrecy is the most archaic form of protection of intellectual creations10 and innovative know-how, yet it is still one of the most used for addressing diverse problems of innovation appropriation. Its use may depend on the lack of the essential requirements for enjoying patent protection, as well as on the high costs related to patentability and patent enforcement. Thus, it is a complementary architecture where access, exchange and a restricted sharing of data and confidential information are secure and based upon appropriate safeguarding measures.11 Rooted in common law, it is now framed at the international level within Art. 39 of the TRIPS Agreement. This article does not mention trade secrets expressly, but it refers to undisclosed information: scholars recognize without dispute the equivalence of these terms.12 In addition, the principle embedded in Art. 39 of TRIPS is a minima and does not necessarily favor a harmonized implementation of related substantial and procedural rules at the national level. In the US, trade secrets are based on state law, contrary to other forms of IP protection.13 Through the passage of time, the heterogeneous interpretation of rules became an issue, in particular due to the increase in interstate commerce.14 Eventually,15 a more harmonized rule was introduced in 1979 by the National Conference of Commissioners on Uniform State Law (rather than by the Federal Government) entitled the Uniform Trade Secrets Act (UTSA),16 which inspired Art. 39 of the TRIPS Agreement.17 The UTSA provides the current legal framework for trade secrets in the region, together with the recent Defend Trade Secrets Act of 2016,18 which created a federal cause of action for trade secrets misappropriation that largely mirrors the current state of the law under the said UTSA. Consequently, trade secrets are currently under statutory rules19 in a traditionally and continuously20 case law-driven environment.21 For a long time, EU Member States had different policies and rules regarding trade secrets protection.22 The cross-border request to harmonize both substantial and procedural rules has been delineated over time.23 Eventually, as part of its ‘Europe 2020’ strategy, in view of creating an Innovation Union,24 the European Commission introduced Directive 2016/943/EU (hereinafter TS Directive),25 based on Art. 114 of the Treaty on the Functioning of the European Union (TFEU) and therefore envisaging that a harmonization – in particular of civil actions related to trade secrets misappropriation – would have led to improved conditions to develop, exchange and use innovation knowledge. Article 39 TRIPS is then implemented by the TS Directive based on private redress.26 Trade secrets do not grant any exclusive rights.27 The information is protected against certain attacks as a secret only. In fact, trade secrets protection requires unlawful conduct that can be regarded as contrary to honest commercial practices,28 while independent discoveries of the same information do not consist in an unlawful acquisition of the information and thus do not lead to any infringement of the trade secrets protection.29 Hence, the right is neither exclusive nor absolute:30 the international, EU and US legal frameworks31 establish liability for specific tortious conduct. As an author has stated, this regime is a conduct-based liability rule, but no less a property right in the sense of an ex ante entitlement.32 More precisely, it is a ‘disappearing property right’ because third parties through reverse engineering by honest means are able to put an end to its existence.33 Thus, were we understand IPRs as all forms of property rights in intangible, non-rivalrous creations, including liability rules, then it would be possible to admit that there is a property right in trade secrets in the form of an entitlement to either lead time or compensation for lost lead time due to a wrongful appropriation.34 This explains why trade secrets can qualify as a quasi-IPR. As an overall policy remark, (a liability-based or) a quasi-IPR protection would seem to better serve the purposes of the data economy and of the algorithmic society than an exclusive right protection, because it focuses on the way in which third parties acquire access to information, instead of granting exclusive protection against its use. A more intensive protection, such as that of exclusive offered by regular IPRs would more likely come into conflict with other fundamental rights.35 Trade secrecy rules protect investments in innovation, which may or may not rise to the level of a non-obvious invention.36 According to the EU approach, the subject matter of protection is information37 and know-how.38 Other jurisdictions, such as in the US, have provisions on the notion of information, which are far more detailed than that provided by the TS Directive.39 The scope of the subject matter, thus, seems to be rather broad in the EU and in the US; however, because of the flexibilities that regional provisions leave to the national legislators and judges, it may or may not vary to some extent from one country to another, depending in particular on the interpretation provided by case law. Such protection is enabled only under three narrowly defined requirements for the subject matter of protection: i. Information has to be secret40 in the sense that – according to Art. 2.1 of the TS Directive – “it is not generally known or readily accessible to persons within the circles that normally deal with the kind of information in question.”41 The wording of the EU TS Directive is quite close to § 1 of the UTSA, referring to information deriving independent economic value “from not being generally known to or readily ascertainable through appropriate means by other persons who might obtain economic value from its disclosure or use.”42 In both cases, the interpretation of who normally deals with the information may lead to some distinctions between competitors within an industry and the public at large;43 ii. In addition, the information must have a commercial value because of its secrecy.44 Two remarks on this: first, this requirement is easily fulfilled because on the one hand, the value of the data does not have to exceed any minimum quantitative threshold; on the other hand the lack of reference to duration of a trade secret’s exploitation45 enables those who have not had the opportunity or acquired the means to put trade secrets to use to enjoy the protection too. Second, the UTSA states that the protection covers information that “derives independent economic value, actual or potential”, while the EU norm refers to an “economic value” deriving from the information “because it is secret”. However, the Council of the EU stated that the commercial value of the information might be actual or even potential.46 Thus, both EU and US legal rules seem to have a similar scope from this perspective; iii. Finally, the person who is lawfully in control47 of the information needs to have an express or at least a recognizable intention to keep it secret. In particular, barriers of a technical, organizational and contractual nature impeding easy access to the information have to be designed and implemented appropriately.48 In case information does not comply with these requirements, it could still enjoy some protection as confidential information, in particular in presence of an express agreement.49 2. The sui generis right for databases According to Art. 10.2 of the TRIPS Agreement, a creative database can be protected by copyright.50 The sui generis right, if any, may protect both creative and non-creative databases. The sui generis right for databases is rooted in Scandinavian legislation and does not exist at the international level.51 This kind of protection then exists in the EU – though not exclusively52 – and is aimed at promoting the production of collections “of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means.”53 In fact, copyright applies to creative databases only and, considering the very functional nature of these works, the selection and arrangement of data, information and other material of which they are comprised do not easily meet the requirement of originality.54 Consequently, not many databases enjoy copyright protection. Thus, an additional form of database protection to the more traditional one of copyright would have the overall aim of providing an incentive for facilitating the production, circulation and access to (organized and thus relevant) information. Back in the 1990s, the US doctrine debated the viability and suitability of introducing a sui generis right in the country. The main commentators consolidated a quite homogeneous position against the introduction of such protection in the US.55 Congress eventually decided against introducing it.56 This position was aligned to the well-known US Supreme Court decision Feist in 1991, underlining that copyright does not protect mere investment and thus mere information57 and, consequently that electronic databases (mainly, but not exclusively) had to be excluded from the purview of copyright protection failing the test of originality, “regardless of the skill, labor, effort or financial investment expended in their creation.”58 The sui generis protection of databases was introduced in the EU with the highly debated Directive 96/9/EC,59 which introduced a two-tier protection and applies to both creative and non-creative databases under certain conditions.60 The sui generis protection of databases is a neighbouring right61 impeding the extraction or re-utilization62 of a substantial part of some databases without the consent of their producer.63 In other words, it is an exclusive right,64 exactly like copyright, but with a different subject matter and different access requirements. More precisely, according to Art. 11 of the Database Directive, the sui generis right covers databases “whose makers or right holders are nationals of a Member State or who have their habitual residence in the territory of the Community.”65 Thus, the database Directive includes a reciprocity provision that rejects protection for databases produced outside EU and in countries that do not offer a comparable form of protection. As a result, databases produced by US companies (and others too) in principle become vulnerable to foreign competition in European markets.66 Furthermore, as specified by the four landmark decisions of the EU Court of Justice in 2004, protection is granted when there is a substantial investment in the obtaining, presentation and verification of data,67 but not when the investment is the creation of data. The exclusion of any protection for this last activity is to avoid protecting a sole source dataset and therefore increasing the risk of abuses of dominant positions. Ten years after the introduction of the sui generis right, the European Commission released a first report on the assessment of the database Directive, studying the question of whether the goals were achieved and whether the Directive had an adverse impact on competition.68 The report’s findings revealed that the Database Directive failed to provide much benefit to the EU and that it may also have harmed the EU publishing and database industries.69 In short, this exclusive sui generis right does not entirely convince, in particular because potentially it may cover also aggregation of information that is per se in public domain. In fact, incentives for database production do not necessarily derive from a strong protection of database content.70 Other forms of protection, such as (copyright), contracts, unfair competition laws (and misappropriation71), as well as technological protection measures are already supposed to provide enough protection and incentives.72 In other words, by creating additional costs for information products, the protection seems to compromise the cultural, social and economic growth more than enhancing it. II. Do trade secrets and the sui generis right for databases apply to information of the algorithmic society? 1. Trade secrets Some authors have suggested that none of the essential requirements enabling the information to enjoy trade secrets protection would easily apply in the context of data produced by sensors attached to smart products.73 This position would consider the de facto possession as the only reliable option to ensure the control of information in the algorithmic society. However, some counter arguments suggest that in principle trade secrets protection applies to Big Data, IoT and AI-related data, and more broadly speaking that the latter is still an important form of protection to be maintained in the algorithmic society.74 As a first remark, it is important to recognize the traditional need to protect information against unfair practices of employees, collaborators, and also other market operators that any business has to face. Therefore, in order to carry out their activities, companies in the Big Data, IoT and AI area, use trade secrets to protect information for which access is traditionally limited thanks to (among others things) confidentiality clauses or non-disclosure agreements, exactly as in any other business.75 Then, concerning the information collected and managed within the Big Data, IoT and AI areas, in principle trade secrets apply and this according to a non-discriminatory treatment for different kinds of businesses, operating in different fields.76 Trade secrets law aims at protecting the economic value derived from the secrecy of the information; therefore, the protection can apply to any technical, commercial or business information that is functional to an entrepreneurial activity. On the one hand, this means that in principle trade secrets protection applies to any kind of information which complies with the necessary requirements to acquire the protection, while the nature of such information does not matter.77 On the other hand, this statement covers automated processes used for the collection, archiving and any further elaboration of data, which are typical of the algorithmic society.78 As to the disclosure of information, trade secrets protection applies to secret information. This means that rules on trade secrets do not refer to unavailable data, but to information that is not generally known or readily ascertainable by experts in one field.79 Further, trade secrets rules apply only if the lawful controller of the information has an intention to keep it secret.80 In addition to this, only disclosures eliminating the economic value result in termination of the protection. In fact, access to a part of the secret information does not exclude the protection when it does not result in awareness and a related competitive advantage. Incidentally, not all kinds of access to the overall knowledge are able to remove the protection: for instance, disclosure of the entire information in a different structure than the one which is secret does not destroy the secrecy either, to the extent the value is given by the structure itself and not by data.81 This solution is justified because in order to compile the secret information again and with the same structure, substantial costs must be expended. Any alternative source to access the information does not terminate, nor exclude the protection of secret information, in particular if such an access depends on relevant investments.82 In addition, in the EU, recital 14 of the TS Directive states that trivial information cannot qualify for protection.83 Trade secrets protection applies to information that has commercial value because of its secrecy. Now, even when data have substantial commercial value (which is not always the case), it is questionable whether it is possible to establish a causal link between the secrecy of the information and such commercial value. In particular, in the context of Big Data analysis, an individual piece of information may appear quite trivial – and therefore not protectable according to recital 14 of the TS Directive. However, substantial value may arise from the correlation with other data. The importance of the information is related to its ability to serve the interests of the owner; thus, it does not have to do with the investment in obtaining it.84 As a consequence, the scope of the investment in implementing a technological infrastructure does not count when determining the protection of the information that can be stored or processed within the algorithmic society. However, such an investment may be of some importance in determining data ownership, particularly in the event of a dispute.85 It is in fact also excluded that the ownership of the hardware (the vehicle) can determine the allocation of rights on data, since on the one hand it is a mere point of the network from where the collection occurs, and on the other hand ownership of tangibles and intangibles have to remain separate.86 2. Database protection As to sui generis protection recognized in the EU, this protection applies to (part of the structured information within the area of) Big Data, IoT and AI without too much challenge.87 The protection applies to the collection of data that are systematically or methodically organized, where data are individually accessible. Therefore, automation processes for collecting data lead to protectable datasets only when complemented by organizational processes.88 In fact, any time data are somehow connected to an infrastructure aimed at analyzing them, they become part of a collection (in principle) qualifying as a protectable database. Data within the algorithmic society can be either generated or managed. As stated in the previous paragraph, the EU Court of Justice excluded sui generis protection for investments aimed at creating data.89 IoT in particular is built upon data recording/surveying, and thus the related database would be excluded from protection.90 However, the original data within an IoT elaboration may be the output of a systematic organization and thus protectable.91 On the other hand, the investment underpinning the database is regularly aimed at organizing data and therefore it enables to implement a supplementary and different activity than the functional one of surveying/recording.92 This reasoning is in conflict with the spin off theory, which was by the way rejected by the Court of Justice in the landmark decisions of 2004.93 Consequently, the denial of such a theory enables a quite easily accessible protection of many databases within the algorithmic society. III. Do exclusive rights and quasi-IPRs suit the algorithmic society? Big Data, IoT and AI – all being information products – are subject to containment through digital technology.94 As examined in the previous paragraphs, they can be covered by trade secrets, as well by the sui generis right for databases, under the condition that the pool of information systematically organized is ‘European’.95 At a first glance, one could argue that the legal framework described here provides incentives for development in this field. However, re melius perpensa, these legal rules suit big companies better than all the other stakeholders. Indeed, big companies and small start-ups do not have the same facilities and resources. In order to enjoy some sort of right, businesses not only have to be able to afford the costs related to acquiring the protection, but also – and in particular – they have to police the protection once granted. Thus, the available protection may not necessarily be attractive for SMEs. Some scholars insist on the fact that the real question does not have to do with the incentives required to enable the generation of information within the algorithmic society, but is indeed in connection with access by third parties that may have an interest in sharing this pool of knowledge.96 This would mean taking into serious account the interests of the main stakeholders, ie the public at large and of all the companies working in the field – no matter their size and ability to invest. In particular – also as an answer to the current risk and trend of overprotection97 – I definitely agree with the fact that the guiding idea should be to follow design principles and architectures inspired by information commons98 as advocated by Elinor Ostrom: the priority should therefore be to deal with it as a common pool of resources.99 I provide more details as to IoT (and also AI) as knowledge commons, as well as to the role of trade secrets protection within that framework in a separate analysis currently in progress.100 However, I will begin with some preliminary remarks here. First, trade secrets and database protection have become a major concern from the perspective of both companies (and consumers) vis-à-vis the corresponding legal obligations expected to be included in Service Level Agreements (SLAs),101 which will become increasingly important in the Big Data, IoT and AI ecosystem, especially as the need for inter-system orchestration and mediation reaches its third stage, which will encompass a high degree of inter-company and inter-industry data exchange. These agreements are the terms of reference in detail to understand what is covered by a trade secret and what is not, while to some extent it should be easier to identify the subject matter and the scope of the sui generis right for database protection. More precisely, the terms of SLAs should focus on the subject matter of confidentiality, on the efforts to be taken for maintaining the confidentiality of the relevant information, the conditions, modalities and effect of termination of the contract regarding the protected information and data, and thus on cancelling, destroying, removing and storing of data. Thanks to these clauses it is possible to manage the information remaining within the scope of confidentiality and secrecy and differentiate it from that which can circulate more widely with no or weaker conditions. The more information that circulates, the more it flows without limits as to its use, and the better the community’s interests – such as the easy access to information, also for re-exploitation purposes102 – are served. We could consider the data of Big Data pools, IoT and AI companies and activities as common pool resources; a public domain situation would of course be ideal for promoting cross-collaboration initiatives of any potential user at a very low cost, thus for satisfying the interests of the community and of SMEs with limited investment capability. On the contrary, the sui generis right for databases does not seem entirely appropriate to foster innovation in a level playing field, since it creates more burdens than opportunities, in particular for SMEs and the community. However, as a commentator has noted, “laws can be politically entrenched, and amending these laws can be difficult even if they have proven to be ineffective or harmful”.103 Thus, notwithstanding the substantial arguments proving that the sui generis protection does not enable the achievement of policy goals as foreseen by the EU legislator, it is unlikely that the database Directive will be substantially modified or revoked in the near future. The situation might be slightly different for trade secrets. One of the important reasons why trade secrets protection should be kept in the algorithmic society is given by the possibilities of welfare gains by third parties, since by applying this regime to Big Data pools, IoT and AI, spillovers are enabled and this represents a positive welfare effect of openness.104 In fact, trade secrets encourage disclosure rather than secrecy.105 In the absence of trade secrecy protection, businesses would make excessive investments in keeping secrets. Trade secrets law has developed as a substitute for the physical and contractual restrictions those companies would otherwise impose in an effort to prevent a competitor from acquiring their information.106 Thus, it cannot by any means be excluded that trade secrets could be used as a tool to promote innovation.107 The impact of all this is that on the one hand, EU-based (in principle ‘big’) companies will control the circulation of information thanks to the sui generis right, thus also limiting innovative re-uses and this to the detriment of the entire community. On the other hand, start-ups and SMEs working on Big Data, IoT and AI may be tempted to move to a location where trade secrets protection is available, but not necessarily where the database sui generis right exists, because whenever a protection is available, one should also police it resulting in enforcement related costs. On the other hand, it cannot be excluded that only multinational giants are ready to put up the enforcement-related costs and take advantage of the existence of the sui generis right, to the detriment of the entire community. Needless to say, those giants, at least for the time being, do not necessarily come from the EU. Footnotes 1 OECD, Data-Driven Innovation Big Data for Growth and Well-Being, OECD Publishing, 2015, available at . 2 The digital area seems to be an obsolete notion and it is appropriate to replace it with the one of algorithmic society. See J. Balkin, The Three Laws of Robotics in the Age of Big Data, Ohio State Law Journal 2017, 1217 ff. 3 Thanks to the “three Vs”: volume, variety and velocity of the data produced and potentially processed. See ex multis J. Drexl, Designing Competitive Markets for Industrial Data – Between Propertization and Access, Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2016, 257 ff.; and M. Ricolfi, IoT and the Age of Antitrust, Concorrenza e mercato 2017, 214 ff. See, however, A. Ottolia, Big Data e innovazione computazionale, Giappichelli 2017, 59, stating that scholarship erroneously considers the element of velocity as one of the three fundamental factors (together with variety and volume), because it does not necessarily occurs. Some scholars argue that the number of Vs would be even more: V. Bagnoli, Competition for the Effectiveness of Big Data Benefits, 46 IIC 629 ff. (2015), refers to veracity, value and validation as well. 4 Some general remarks on illicit withholding of secret information by former or current employees are in V. Falce, Tecniche di protezione delle informazioni riservate. Dagli accordi TRIPs alla direttiva sul segreto industriale, Riv. Dir. Ind. 2016, 130 ff. 5 According to M. Ricolfi, Beyond Intellectual Property: the Perils of Abundance, unpublished, the lack of legal entitlement would be compensated by a de facto possession of data and facilities. Thus some few platforms – GAFA and BAT – which have been able to amass and control data, information and knowledge and can make it accessible, are also able to harness network externalities, without necessarily having a legal protection. By this de facto exclusivity these platforms are able to exclude all the other market operators. 6 Probably expected to be included in Service Level Agreements (SLAs). 7 In addition to that, the introduction of a right to non-personal data was discussed by the EU institutions. Eventually (and luckily) such plans seem to have been abandoned. For a (critical) discussion on the right to data see H. Zech, A Legal Framework for Data Economy in the Digital Single Market: Rights to Use Data, JIPLP 11/2016, 460 ff.; A. Wiebe, Protection of Industrial Data – A New Property Right for the Digital Economy, GRUR Int. 2016, 877 ff.; W. Kerber, A New (Intellectual) Property Right for Non-Personal Data? An Economic Analysis, GRUR Int. 2016, 989 ff.; J. Drexl (supra note 3), 269; B. Hugenholtz, Data Property in the System of Intellectual Property Law: Welcome Guest of Misfit?, paper presented at the conference Trading Data in the Digital Economy: Legal Concepts and Tools, University of Muenster, 4 and 5 May 2017, available at ; A. Gärtner/K. Brimsted, Let’s Talk About Data Ownership, EIPR 2017, 461 ff. An analysis on the reasons why an IPR over Big Data would be dangerous and misguided is also in J. Drexl/R. Hilty/J. Gobocnik/F. Greiner/D. Kim/H. Richter/P. Slowinski/G. Surblyté/A. Walz/K. Wiedemann, Position Statement of the Max Planck Institute for Innovation and Competition of 26 April 2017 on the European Commission’s ‘Public consultation on Building the European Data Economy’, available at https://ssrn.com/abstract=2959924> or . 8 Some remarks on the evolution of the legal framework in the US A. A. Wennakoski, Trade Secrets Under Review: A Comparative Analysis of the Protection of Trade Secrets in the EU and in the US, EIPR 2016, 154 ff. As to the national protection in the EU countries before the introduction of the devoted directive see the description of Falce (supra note 4), 138 ff. See also the documents of the EC: EU study on trade secrets and confidential information in the internal market (11 July 2013), available at (EU Study), 4 seq.; and the Citizens’ summary related to the European Commission proposal on rules to help protect against the theft of confidential business information (28 November 2013), available at (Citizens’ Summary). 9 A scholar remarked in the early 2000s that the US would have not offer sui generis database protection in the near future and that the differing protection between the EU and the US, would have created tension, and possibly conflicts, between the two trading partners. P. Yu, Toward a Nonzero-Sum Approach to Resolving Global Intellectual Property Disputes: What We Can Learn from Mediators, Business Strategists, and International Relations Theorists, University of Cincinnati Law Review 2002, 569 ff. This issue does not seem to have changed with the TTIP. 10 M. Lemley, The Surprising Virtues of Treating Trade Secret ad IP Rights, Stanford Law Review 2008, 311 ff. 11 V. Falce (supra note 4), 130 ff. On the complementarity of trade secrets and patents see W. Cornish/D. Llewelyn, Intellectual Property: Patents, Copyright, Trademarks and Allied Rights, Sweet & Maxwell 2003, pp. 313 and 314. 12 C. Correa, Trade Related Aspects of Intellectual Property Rights. A Commentary on the TRIPs Agreement, Oxford University Press 2007, p. 365 ff. 13 See M. Risch, Why Do We Have Trade Secrets, Marquette IP L. Rev. 2007, 6 ff. This may be related to the fact that employment-related issues are in principle national prerogatives and a federalization of the issue would risk to over-rule state laws favoring employee mobility, as reported by A.A. Wennakoski (supra note 8), 170 ff. 14 For some remarks on the evolution of TS protection in the US: see again A. A.Wennakoski (supra note 8), 154 ff. 15 After the Restatement (First) of Torts of 1939, at the same time of the Restatement (Second) of Torts of 1979 but before the Restatement (Third) of Unfair Competition of 1995. See E. Rowe, Contributory Negligence, Technology, and Trade Secrets, Geo. Mason L. Rev. 2009, 1 ff., who also refers to the Economic Espionage Act. 16 See the Uniform Trade Secrets Act, available at (including amendments of 1985), herein after the UTSA. 17 S. Sandeen, The Limits of Trade Secret Law, in: R. Dreyfuss/K. Strandburg (eds.), The Law and Theory of Trade Secrecy. A Handbook of Contemporary Research, Edward Elgar 2011, p. 538 seq. 18 Defend Trade Secrets Act of 2016, , creating a federal cause of action for trade secrets misappropriation that largely mirrors the current state of the law under the said UTSA. 19 R. Denicola, The Restatements, the Uniform Act and the Status of American Trade Secret Law, in: R. Dreyfuss/K. Strandburg (supra note 17), p. 18 ff. (21). 20 A.A. Wennakoski (supra note 8), 155, explains that the UTSA is brief and focuses in particular on key notions (§ 1), remedies, namely injunctions (§ 2) and damages (§ 3) and the trade secrets preservation during proceedings (§ 5). 21 C.T. Graves, Trade Secrecy and Common Law Confidentiality, in: R. Dreyfuss/K. Strandburg (supra note 17), p. 102 ff., states that “there are 51 jurisdictions, and federal courts sometimes interpret state law differently than do courts in the state at issue”. 22 Germany, Finland, Greece, Denmark and Spain did not codify the notion of trade secrets, while Austria, Bulgaria, the Czech Republic, Estonia, Germany, Finland, Greece, Hungary, Italy, Latvia, Lithuania, Poland, Portugal, Slovakia, Slovenia and Sweden adopted acts prohibiting the unlawful acquisition of trade secrets with an act. France and Belgium adopted ad hoc rules for impeding employees and former employees to disclose data on production or production processes. 23 P. Torremans, Holyoak and Torremans Intellectual Property Law, 7th ed., OUP 2013, p. 623. 24 European Commission, Proposal on Proposed Directive on Trade Secrets, COM (2013) 813 final, p. 2. 25 Directive 2016/943/EU of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, available at , hereinafter the TS Directive. 26 As recital 10 of the TS Directive suggests. On this see N. Ackermann/J. Rindell, Should Trade Secrets be Protected by Private and/or Criminal Law: A Comparison Between Finnish and German Law, GRUR Int. 2017, 486 ff. According to the authors it is appropriate to provide rules at the EU level “to approximate the laws of the Member States so as to ensure that there is a sufficient and consistent level of civil redress in the internal market in the event of unlawful acquisition, use or disclosure of a trade secret. Those rules should be without prejudice to the possibility for Member States of providing for more far-reaching protection against the unlawful acquisition, use or disclosure of trade secrets, as long as the safeguards explicitly provided for in this Directive for protecting the interests of other parties are respected”. 27 This is also expressly reminded in recital 16 of the TS Directive: “In the interest of innovation and to foster competition, the provisions of this Directive should not create any exclusive right to know-how or information protected as trade secrets”. 28 By referring to honest commercial practices, rules on trade secrets recall the ethics-related standards of trade. On this K.M. Saunders, The Law and Ethics of TS: A Case Study, Cal. W. L. Rev. 2006, 209. 29 See Art. 3.1.a of the TS Directive. In the same sense see Sec. I of the UTSA, when referring to the notion of “proper means”. 30 However, in some countries absolute rights may exist or have existed. For instance, from 2005 to 2010, the Italian Industrial Property code foresaw an absolute protection. The code was modified in 2010 and the current version grants to some secret information a quasi-intellectual property right, but no longer an absolute protection. See A. Ottolia, sub Art. 99 of the Industrial Property Code, in: L.C. Ubertazzi (ed.), Commentario breve alle leggi su proprietà intellettuale e concorrenza, 6th edn, CEDAM 2016, p. 534 ff. 31 TRIPS, USTA and in particular see Art. 4.2.b. of the TS Directive. 32 J. Reichman, How Trade Secrecy Law Generates Innovative Know-How, in: R. Dreyfuss/K. Strandburg (supra note 17), pp. 185 ff. According to H. Zech (supra note 7), as to the allocation of economic value, the legal position of the trade-secrets holder has the property-like traits; although no transferable right results, know-how is at least factually transferable and thus can be economically exploited and also be the object of legal transactions. Accordingly, the possibility of undue enrichment is affirmed in case of an injury. When it comes to information which is detachable from the business, such as data from automated measurements, this should be advocated at least as a framework law. 33 As indicated by J.C. Stedman, Trade Secret, Ohio State Law J. 1962, 4 ff. 34 See J. Reichman (supra note 32), pp. 197 ff. 35 Among which the freedom of information is includedC. Sappa, IoT: What does Trade secrets have to do with the Interconnection-based paradigm of the Internet of Things?, EIPR 2018, 518 ff. 36 Traditionally, trade secrecy governs the production of routine engineers who develop applications of know-how with no access to patent protection. See J. Reichman, Charting the Collapse of the Patent-Copyright Dichotomy: Premises for a Restructured International Intellectual Property System, Cardozo Art & Entertainment 1995, 475 ff. 37 In particular, trade secrets law covers the semantic level of information, exactly like personal data protection rules. On this see J. Drexl (supra note 3), 269. 38 Know-how consists in technical knowledge, information about how to achieve some technical or commercial advantage over competitors, typically by means of novel methods or processes of production. 39 The § 1 of the UTSA uses a non-exhaustive lists: it refers to “information, including a formula, pattern, compilation, program, device, technique, or process” that derives independent economic value. The Japanese Unfair Competition Prevention Act No. 47 of 19 May 1993 (amended on 23 April 1999) referring to trade secrets as “technical or business information useful in commercial activities, such as manufacturing or marketing methods”. See also Art. 10 of the Chinese Anti-Unfair Competition Law, stating that trade secrets are technical and operational information”. 40 When secret, information or know-how may be held under factual, but not legal secrecy, which in turns affects the degree of protection the law affords according to S.P. Ladas, Patent, Trademarks and Related Rights: National and International Protection, 1975, pp. 1616 seq. 41 Ex multis Ruckelshaus v. Monsanto Co., 467 US 986, 1002 (1984); Kenawee Oil Co. v. Bicron Corp., 416 US 470, 475 (1974). 42 See also the Japanese Unfair Competition Prevention Act which states that trade secrets are technical or business information “which is kept secret and not publicly known”. In addition see Art. 10 of the Chinese Anti-Unfair Competition Law, stating that trade secrets are technical and operational information “which is not known to the public”. The wording of the Chinese provision might suggest that the threshold which information has to achieve in order to qualify as a trade secret is higher than in other countries. However, I am not in favour of this interpretation in the absence of additional information on the translation of this text and on the overall context of the law. As to the doctrine: according to G. Psaroudakis, Trade Secrets in the Cloud, EIPR 2016, 344 (345) footnote 6 (for references), information is secret to the extent it remains within a limited circle of addressees, closely connected to the business as employees or contractors with tasks related to the said information, and this is not disclosed to third parties so that unlimited or broad access emerges. See also M. Lemley (supra note 10), 311 ff. (359) suggesting that reasonable efforts to protect secrecy may make sense as evidence of secrecy or evidence as scienter, but probably not as a separate requirement; M.F. Schultz/D.C. Lippoldt, Approaches to protection of undisclosed information (TS), OECD Trade Policy Paper n. 162, 5, 22 January 2014, : “Although trade secrets are confidential, they are also commercial. For a trade secret to have any practical value, the owner usually must share it in order to collaborate with a limited group of employees and business partners. Laws thus expect and account for a certain amount of protected disclosure, within a constrained circle”. 43 A.A.Wennakoski (supra note 8), 156. 44 Art. 2.1.b of the TS Directive; Comments of Sec. I of the UTSA, referring to uses or disclosures that may create an economic value. Art. 10 of the Chinese Anti-Unfair Competition Law refers to information capable of “bringing economic benefits to the right owner”: again, this wording might have a different impact on the overall effects of the provision. However, I do not take any position on this in the absence of additional relevant information on the original text in Chinese. 45 A.A. Wennakoski (supra note 8), 156, points out to the fact that the UTSA does not mention any duration, while the First Restatement requires a continuous use, while according to the European literature no duration is prescribed by law. 46 Council of the EU, Opinion 9870/14 PI 67 CODEC 1295 of 26 May 2014, available at , spec. 15 and Recital 8. The current Art. 2(1)b of the TS Directive does not refer to potential commercial value; however, Recital 14 does. At the national level, the Directive was transposed in a different way in France and in Italy. In France the Trade Secrets Act of 30 July 2018 (Loi 2018-670 relative à la protection du secret des affaires) introduced Art. L 151-1 into the Business Code (code de commerce), where it is stated that both actual and potential value (valeur commerciale, effective ou potentielle) of the information are taken into account to assess its protectability. In Italy Art. 3.2 of the Legislative Decree of 11 May 2018 No. 63, aimed at modifying Art. 98 of the Industrial Property Code, merely refers to the economic value of the secret information. 47 Art. 39.2 of the TRIPS Agreement and Art. 2.1.c of the TS Directive. It is thus sufficient that the business has control over business-known secrets. Recital 7 and Art. 12.d of the TS Directive explicitly mention “files […] containing or embodying trade secret”. 48 Such as encryption measures, passwords that are regularly changed, other physical security measures (lockers), fragmentation of the overall chain of production with appropriate allocation of human resources, confidentiality agreements, non-competition clauses. As an example see MBL USA) Corp. v. Diekman, 445 N.E.2d 418, at 425, finding that the plaintiff’s security measures were insufficient to demonstrate the existence of a protectable trade secret. 49 On this see E. Johnson, Trade Secret Subject Matter, Hamline Law Rev. 2010, 545 (563, 565). See also G. Surblytë, Data Mobility at the Intersection of Data, Trade Secret Protection and the Mobility of Employees in the Digital Economy, GRUR Int. 2016, 1121 ff., which refers to case law to identify different types of protection. See also J. Reichman, Overlapping Proprietary Rights in University Granted Research Products: The Case of Computer Programs, in Columbia Journal Law & Arts 1992, 51 ff., who underlines that know-how sometime may qualify for protection as confidential information on other grounds and with different policies in mind than trade secrets. 50 “Compilations of data or other material, whether in machine readable or other form, which by reason of the selection or arrangement of their contents constitute intellectual creations shall be protected as such. Such protection, which shall not extend to the data or material itself, shall be without prejudice to any copyright subsisting in the data or material itself”. 51 The lack of an international framework enables the discriminatory treatment introduced by Directive 96/9/EC based on geographical criteria to be in compliance with the fundamental principle of non-discrimination For an in depth analysis on this see C. Mezzetti/M. Vittori, A Ghost is Haunting From Europe – Protection of Unoriginal Databases: a Trade-Off Between Investment Reward and Dissemination of Information, in: LL.M. Collection of Research Papers, WIPO Publications, Geneva 2003, pp. 121 ff. In the second half of the 1990s the US submitted a draft treaty proposal to WIPO, calling for the protection of databases created as a result of substantial investment by database producers in the collection, assembly, verification, organization or presentation of information. The term of protection was 25 years and could be renewed indefinitely upon showing of substantial changes to the database. The treaty proposal mandated national treatment. For a discussion on the events surrounding the draft database treaty in the 1996 WIPO Diplomatic Conference in Geneva of the U.S. draft treaty proposal to WIPO, see P. Samuelson, The U.S. Digital Agenda at WIPO, Virginia J. of Int. Law 1997, 369 ff. Some information on the failure of an international legal framework for protecting non-original databases conducted within WIPO is available at . 52 For instance South Korea has a form of protection which is similar to the one existing in the EU, but shorter (five years instead of 15). 53 This is the database notion according to Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of database, available at (hereinafter the Database Directive) enacted four years after the Proposal of Directive. According to Recital 13 of the Database Directive, the subject matter is comprised of “collections, sometimes called ‘compilations’, of works, data or other materials which are arranged, stored and accessed by means which include electronic, electromagnetic or electro-optical processes or analogous processes”. The definition is meant to be broad in order to cover future databases in any form. See on this CJEU, 9 November 2004, C-444/02 – Fixtures Marketing, available on the official website of the Court of Justice . 54 CJEU, 1 March 2012, C-604/2010 – Football Dataco v. Yahoo! UK, qualify originality as the free and creative choice of the author that adds her personal imprint into the arrangement and selection of data. 55 Commentators considered the sui generis protection to be bad public policy, the costs of which would unlikely outweigh its benefits. See J. Reichman/P. Samuelson, Intellectual Property Rights in Data?, Vanderbilt Law Review 1997, 52 ff.; J. Ginsburg, Copyright, Common Law, and Sui Generis Protection of Databases in the United States and Abroad, University of Cincinnati L. Rev. 1997, 151 ff.; J. Reichman/P. Uhlir, Database Protection at the Crossroads: Recent Developments and Their Impact on Science and Technology, Berkeley Technology Law Journal 1999, 796 ff. See also M. Pollack, The Right to Know?: Delimiting Database Protection at the Juncture of the Commerce Clause, the Intellectual Property Clause and the First Amendment, Cardozo Arts and Entertainment Law Journal 1999, 47 ff.; and Y. Benkler, Constitutional Bounds of Database Protection: The Role of Judicial Review in the Creation and Definition of Private Rights in Information, Berkley Technology Law Journal 2000, 535 ff., stating that granting a sui generis protection to the producers of (original and) non-original databases would raise serious constitutional questions under the Copyright Clause of the Constitution (in particular after the Supreme Court’s Feist decision, which rejected the “sweat of the brow” doctrine), the Commerce Clause and the First Amendment. For some critics on the latter, see M. Hamilton, A Response to Professor Benkler, Berkeley Technology Law Journal 2000, 605 ff., who agrees with Y. Benkler’s conclusion on the fact that the Collections of Information Antipiracy Act bill is constitutionally deficient; however, she is not convinced by the constitutional rhetoric surrounding the analysis. See also P.J. Heald, The Extraction/Duplication Dichotomy: Constitutional Line-drawing in the Database Debate, Ohio ST. L.J. 2001, 933 ff., suggesting that the Congress “could rely on the Commerce Clause to grant thin protection to unoriginal collections of information, but is constitutionally constrained from prohibiting the extraction and use of facts contained in a compilation, regardless of whether the compilation is original”. 56 Bills where the issue was questioned included the Database Investment and Intellectual Property Antipiracy Act of 1996 (H.R. 3531), 104th Cong. 1996; the Collections of Information Antipiracy Act of 1997 (H.R. 2652), 105th Cong, 1998; and the Consumer and Investor Access to Information Act of 1999 (H.R. 1858), 106th Cong. 1999; the Collections of Information Antipiracy Act of 1999 (H.R. 354), 106th Cong. 1999. An analysis can be found in M. Davison, Database Protection: Lessons from Europe, Congress, and WIPO, Cas. W. Res. L. Rev. 2007, 829 ff. 57 US Supreme Court, Feist Publications v. Rural Telephone Service, 499 US 340 (1991), available at . Because “originality is a constitutional requirement”, a compilation would not receive copyright protection unless the compiled material had been selected, coordinated or arranged in an original manner. 58 It was believed that electronic databases in a commercial context have to be comprehensive in order to be useful. Consequently, because of comprehensiveness, the requirement of originality based on selection or arrangement of the contents would hardly be met. 59 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of database, available at , hereinafter the Database Directive, enacted four years later the Proposal of Directive. 60 It is interesting to notice that the major stakeholders in the database industry at the time of the debate were American McGraw-Hill), European (Reed-Elsevier) and Canadian (Thomson, now Thomson Reuters). The EU was the only one introducing the sui generis protection. 61 On the nature of a neighbouring right of the sui generis protection: A. Lucas, Aperçu rapide sur la directive 96/9/CE du 11 mars concernant la protection juridique des bases de données, La Sem. Jur. 1996, n. 22; Bertani, Impresa culturale e diritti esclusivi, Giuffré 2001, p. 199. Contra: Vivant, L’investissement, rien que l’investissement: à propos des arrêts de la Cour de Justice du 9 novembre 2004, RLDI 2005, 41 ff. 62 The meaning attached to extraction and re-utilization is similar to the rights of reproduction and communication to the public. The CJEU in British Horseracing Board, pp. 12-15, stated that both direct and indirect extraction could constitute infringement of extraction. In a more recent case C-545/07 – Apis-Hristovich EOOD v. Lakorda AD, available on the official website of the Court , the Court has explained the meaning of extraction, and how it may occur in the context of a database. Similarly CJEU, Case C-304/07 – Directmedia Publishing GmbH v. Albert-Ludwigs-Universität Freiburg, ibid., the court developed the principle of extraction in the context of on-screen consultation, while as to re-utilization said that re-utilization may be both direct and indirect. However, the meaning associated with indirect re-utilization is still not very clear. 63 Main references on the neighboring right for databases are: Derclaye, Legal Protection of Databases. A Comparative Analysis, Edward Elagar 2008. Bertani (supra note 61), pp. 485 ff. Case law: CJEU, 9 November 2004, case C-444/02 – Fixtures Marketing, available on the official website of the Court of Justice ; CJEU, 9 November 2004, case C-338/02 – Fixtures Marketing Ltd v. Svenska Spel Ab, ibid.; CJEU, 9 November 2004, case C-203/02 – The British Horseracing Board and o., ibid.; CJEU, 9 November 2004, case C-46/02– Fixtures Marketing Ltd v. Oy Veikkaus Ab, ibid. The four decisions are commented by Derclaye, The Court of Justice Interprets the Database sui generis Right for the First Time, European L. Review 2005, 420 ff. See also CJEU, 9 October 2008, case C-304/07 – Directmedia Publishing, available on the official website of the Court of Justice ; interpreting broadly the neighboring right content; and on the notion of substantial part having effects on the scope of the right content CJEU, 5 March 2009, case C-545/07 – Apis-Hristovich, ibid. 64 The protection lasts for 15 years from date of production, but the length re-start any time there is a substantial modification of the database, i.e. the right can become perpetual, exactly like trade secrets. 65 Art. 11 adds that “companies and firms formed in accordance with the law of a Member State and having their registered office, central administration or principal place of business within the Community; however, where such a company or firm has only its registered office in the territory of the Community, its operations must be genuinely linked on an ongoing basis with the economy of a Member State”. And yet that “Agreements extending the right provided for in Article 7 to databases made in third countries and falling outside the provisions of paragraphs 1 and 2 shall be concluded by the Council acting on a proposal from the Commission. The term of any protection extended to databases by virtue of that procedure shall not exceed that available pursuant to Article 10”. 66 According to P. Yu (supra note 9), a more favorable environment of producing databases in the EU would have attracted businesses to set up offices in, or relocate to, the EU and thus chipping away the US’s competitive edge in the information revolution. However, the database industry has failed to provide evidence as to how it would be harmed had the legislative proposal not been adopted. This succeeded in making generalized claims of potential foreign competition and piracy in the European markets. 67 CJEU, 9 November 2004, C-444/02 (n. 203), C-338/02 (n. 211), C-203/02 (n. 212), C-46/02 (n. 211), (i) did not expressly define obtention, (ii) said that verification ensures reliability and monitoring accuracy after obtaining the contents for the database, and (iii) qualified presentation means substantial costs made towards the function of processing information, i.e. selection, arrangement and individual accessibility. 68 European Commission, First Evaluation of Directive 96/9/EC on the Legal Protection of Databases, released on February 2006, available at , p. 3. 69 According to European Commission, ibid., 17, 22 and 24, in 2001 there were 4085 EU-based database entries and most of the 15 EU Member States had transposed the Database Directive into national law. In 2004 that number declined to 3095. In a comparative perspective, the Database Directive aimed to create a level playing field between the EU and US database industries; however, “the European share decreased from 33% to 24% [between 2002 and 2004] while the US share increased from 62% to 72%. The ratio of European/US database production, which was nearly 1:2 in 1996, has become 1:3 in 2004.” For a reasoned analysis see M. Bertani, Banche dati ed appropriazione delle informazioni, in: Europa e diritto privato, 2006, p. 319 ff. 70 Given the reduced competitiveness among EU database producers, the European Commission may have been expected to repeal, withdrawal or, at least amend the Database Directive. None of these recommendations or initiatives occurred. Instead, as reported by P. Yu, Data Producer’s Right in the Platform Economy, Medien und Recht International 2018, forthcoming, the EC Report advanced some justifications for retaining this Directive: (1) the Commission “ha[d] received strong representations from the European publishing industry that “sui generis” protection [was] crucial to the continued success of their activities”; (2) a repeal of the sui generis right “would require withdrawing, or ‘reverse’, legislation and that might reopen the original debate on the appropriate standard of ‘originality’” since the Database Directive also deals with copyright protection; (3) “removing the ‘sui generis’ right and thereby allowing Member States to revert to prior forms of legal protection for all forms of ‘non-original’ databases that do not meet the threshold of ‘originality’, might be more costly than keeping it in place”; and (4) the widespread use of the Internet and the arrival of new digital communications technologies did bring along complications. 71 The “misappropriation doctrine”, expressly referred by the Feist case was first elaborated in International News Service (INS) v. Associated Press (AP), 248 U.S. 215 (1918). 72 For an analysis see E. Derclaye, The Legal Protection of Databases. A Comparative Analysis, Edward Elgar 2007. In a US perspective see J. Ginsburg, Copyright, Common Law, and Sui Generis Protection of Databases in the United States and Abroad, 66 U. Cin. L. Rev., 1997–1998, 151 ff.; see also eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1069-70 (N.D. Cal. 2000), recognizing claims of “trespass to chattels” over the unauthorized extraction of information from an Internet website. 73 See in particular J. Drexl (supra note 3), 269; A. Wiebe, GRUR Int. 2016, 877 (880). See also Communication From The Commission To The European Parliament, The Council, The European Economic And Social Committee And The Committee Of The Regions, Building a European data economy, COM(2017)9, 10 January 2017, § 3.3., available at . 74 These arguments have already been developed in relation to IoT only in C. Sappa, EIPR 2018, 518 ff., and they will be shortly summed up and extended to Big Data and AI (if possible) here. 75 See C. Sappa, EIPR 2018, 518 ff. 76 The lack of express reference to automated processes in the TS Directive or in the USTAdoes not imply to assume a discriminatory treatment between traditional data and data coming from a machine-to-machine process. A. Wiebe, GRUR Int. 2016, 877 ff. (880), points out that the drafters of the TS Directive did not have Big Data in mind. Thus, the author suggests that the current text of the TS Directive is unclear as to the extent which data produced by smart products benefit from trade secrets protection; and on the other he states that it may be considered as outdated already. 77 Some jurisdictions may foresee different kinds of protection for different data. See for instance M. Bertani, Proprietà intellettuale e nuove tecniche di appropriazione delle informazioni, AIDA 2005, 322 ff., explaining that in Italy before 2010 information that could not qualify for patent protection could qualify for unfair competition protection (Art. 2598.3 of the Italian civil code), but not for a trade secrets regime. 78 As an additional and complementary remark, the circulation of secret information is allowed as such. This means that in principle at least, protection cannot be denied. However, contractual aspects have to be studied to analyze the effect that such a circulation has on the competitive advantage of the right owner. On thisA. Ottolia (supra note 3), p. 61. 79 On this see also the remarks by G. Psaroudakis, EIPR 2016, 346, discussing how in the Big Data area the analysis of data by third parties would imply an infringing disclosure, provided that the third party has no authorized access, for example through the acquisition of data on the basis of a know-how contract. Additionally, see M. Bertani, Big Data, proprietà intellettuale e mercati finanziari, AIDA 2017, 538 ff., on the fact that secrecy regime is not quashed by abusive disclosure towards a number of person which is aligned with the aim of re-building secrecy provided by injunctions or other remedies. 80 However, according to J. Drexl (supra note 3), 269; A. Wiebe, GRUR Int. 2016, 877, within an interconnection-based framework, the steps required of the person responsible for keeping the information secret are not clear. In addition to this, according to E. Rowe, Geo. Mason L. Rev. 2009, 1 ff., available at available at; and G. Psaroudakis, EIPR 2016, 347 ff., in principle, a higher diligence is expected from the owner of the secret information stored on the cloud, and in any case an exclusion (or limitation to a certain extent) of liability clause of the cloud provider would not be aligned nor be consistent with reasonable efforts to keep the information secret. See also E.A. Rowe, Saving Trade Secret Disclosures on the Internet through Sequential Preservation, Wake Forest Law Rev. 2007, 31 ff., explaining that the information is protected by secrecy when it is kept secret, even on the Internet, which seems to have a public nature. From a practical perspective, the requirements can be met if manufacturers of complex machines keep the data collected by the machines secret in respect of their clients. 81 As a side note, the same structure of a minefield is barely revealed. 82 On this see A. Ottolia (supra note 3), p. 53 and note 26. 83 This recital has already received some criticism from the doctrine. See H. Zech, Data as a tradeable commodity, in: A. De Franceschi (ed.), European contract law and the digital single market, Intersentia 2016, p. 51 ff. (63), suggests that data may not have any commercial value yet, however they can be trivial. With Big Data, trivial information can have an economic value when there is enough trivial information put together and analyzed. Even raw data has value which, under certain circumstances, just happens to be very low. There is not a similar express statement in the UTSA. 84 A. Ottolia (supra note 3), p. 57, states that the utility is related to the entire set of information and not to a datum as such. 85 A. Ottolia (supra note 3), p. 57, states that the substantiality of the investment can also be used as a criterion to determine the ownership or the existence of an independent creation. 86 Thus, the argument advanced by Wiebe, GRUR Int. 2016, 877 (880), considering that the protection should not apply because data are generated in a network of different entities connected through a value network, and therefore it is difficult to allocate protection to a single person controlling the secret, is not a valid one. 87 Contrary (at least in part): H. Zech (supra note 83), p. 51ff.: J. Drexl (supra note 3), 267 ff. For a more cautious statement see A. Ottolia (supra note 3), p. 74. 88 See Recital 21 of the Database Directive. 89 Supra I.B in fine. 90 H. Zech, Data as tradeable commodity, cit., 51 ff.: J. Drexl (supra note 3), 267 ff. 91 A. Ottolia (supra note 3), p. 78, note 10. 92 For an example, A. Ottolia (supra note 3), pp. 78ff., who also suggests the protectability of upstream investments related to the acquisition or the use of the technological infrastructure, of the relevant software licences needed for organizing data systematically or for verifying them. 93 C. Sappa, IP e banche dati nella pubblica amministrazione, AIDA 2010, 692 ff. (699 ff.). IoT technologies are often instrumental to supplying services (built upon a systematical arrangement of data, which is then a by-product of the company). 94 E. Ostrom/C. Hess, A Framework for Analyzing the Knowledge Commons, in: Understanding Knowledge as a Commons: From Theory to Practice, The MIT Press 2007, pp. 10 ff. 95 See supra, I.B, in particular note 65. 96 According to M. Ricolfi, Concorrenza e mercato, 2017, p. 224, this is why one should ask whether information accumulated via IoT has to be treated as an essential facility and whether the balance of interests of a business investing in the IoT on the one hand and the outsider wishing to access to it on the other has to be resolved by antitrust or by contractual arrangements as the one having led to FRAND obligations. The discussion is also addressed in A. Ottolia (supra note 3), Chapters IX and X, where the author suggests analysis of data pool in several perspectives. 97 As it results from part of this analysis – on databases right – as well. 98 Knowledge and knowledge resources contributed to and available for use in a limited, managed, legally, technologically and socially constructed institution, organization and structure can be viewed as information commons. M. Madison, Open Secrets, in: R. Dreyfuss/K. Strandburg (supra note 17), p. 222 ff., quoting among others the example of a patent pool constructed by owners of patents who contribute them to the pool and make them available to its members on standardized terms. Another example could be the Internet: it consists of webpages and other information posted by Internet users to openly-accessible hosts and made available to all other Internet users. Thus, commons are crucial structures for managing the production and exploitation of knowledge in ways that are complementary to but distinct from markets. They are structures defined by individual entitlements and private ordering, which are complementary to but distinct from custom and social norms. Commons are open institutions by design. However, they are not open like the public domain is; they are open in the sense that legal rules design and manage the resources in the commons so that commons members, but also individuals and institutions in adjacent places can produce, sustain and consume commons resources in a sensible way. Commons resources may be more or less open and accessible. Likewise, the membership of the community that contributes to and manages those resources may be more or less open and changeable,E. Ostrom/C. Hess (supra note 94), p.10 ff. Knowledge commons consist primarily of intangible knowledge resources such as copyrightable works of authorship, patentable inventions and unowned or unknowable facts and ideas that are defined and given shape by relevant bodies of law and often by IP lawsM. Madison (this note), 2011, p. 222 ff. Trade secret may be one of the commons constructions. 99 See also the analysis of A. Ottolia (supra note 3). See then M. Ricolfi (supra note 3), stating that the long-term goal should be re-decentralization. 100 B. Frischmann, Cultural Environment and the Wealth of Networks, Chicago Law Review 2007, 1112 ff., qualified the World Wide Web as an open information commons and some authors have demonstrated that it “embeds” the structured commons of the search landscape provided by private firms:M. Madison (supra note 98), pp. 240 ff., stating that Google’s search engine results are an example of commons structured via trade secret. My analysis tries to demonstrate that IoT (and maybe AI) is a knowledge commons as well. 101 SLAs are contracts between the provider of a service – such as the cloud provider or IoT service supplier – and its internal or external end-user or costumer – such as network operators. They are used to ensure that a service provider meets the expectation of a user or customer. Thus, they define what service is provided and the level of performance that shall be met, as well as remedies or penalties in case the agreed upon levels are not achieved. SLAs then include clauses on expectations relative to networks, devices and data, exceptions or constraints, monitoring and reporting mechanisms, reliability, and responsiveness. It is important to note that the above SLA factors are all of a general nature and that SLAs within the IoT universe will have their own set of very specific issues. Two of the most important measurement areas are “availability” and “performance”. An SLA may specify availability, performance and other parameters for different types of customer infrastructure – internal networks, servers and infrastructure components. SLAs act as a safety blanket and establish customer expectations on a provider’s performance and quality. Most providers set their own standard SLAs reflecting various levels of service. 102 Including commercial exploitation purposes. 103 P. Yu, The Political Economy of Data Protection, Chicago-Kent Law Review 2010, 777 ff. (801). 104 B. Frischmann/M. Lemley, Spillovers, Columbia Law Rev. 2007, 257ff. Spillovers suggest that commons can serve an important role in solving production and sustainability problems associated with the public goods nature of knowledge resources according to M. Madison/B. Frischmann/K. Strandburg, Constructing Commons in the Cultural Environment, Cornell Law Rev. 2010, 657 ff. 105 “The secrecy requirement serves as a gatekeeper, ensuring that the law encourages the disclosure of information that would otherwise be kept secret, while channeling inventors of self-disclosing products to the patent system”. M. Lemley (supra note 10), 311 ff. See also J. Reichman, How Trade Secrecy Law Generates Innovative Know-How, in: R. Dreyfuss/K. Strandburg (supra note 17), pp. 185 ff. (197ff.). 106 M. Lemley (supra note 10), 311 ff., states that secrecy requirements serve as a channeling function, ensuring that the law encourages disclosure of information that would otherwise be kept secret, while channeling inventors of self-disclosing products to the patent system. 107 However, R.G. Bone, A New Look At TS Law: Doctrine in Search of Justification, California L Review 1998, 241 (282), is somewhat skeptical on this matter: “A firm might invest more if it knew it could protect the results through the TS law, but it is not evident that the additional investment would enhance competition or product quality enough to justify the social costs”. Then, aside from its role in promoting innovation, trade secrets protection copes with the creation of social groups, firms and institutions and manages interfaces between groups and outsiders M. Madison, Open Secrets, in: R. Dreyfuss/K. Strandburg (supra note 17), pp. 222 ff. (224), note 10. The commons institution governs not only what happens inside the commons but also the relationship (including benefits and costs) between the commons and other groups and outsiders. Information may be secret for purposes of interactions subject to special duties, such as those between business partners, but that same information may be accessible for other purposes, such as relations between a supplier and a consumer or between competitors. What happens in commons does not stay in commons. In partnership with the German Association for the Protection of Intellectual Property (GRUR) JIPLP exchanges content with GRUR Int., the leading German-language journal specialising in intellectual property law. This section features specially-selected content from GRUR Int. for the benefit of our readers. © The Author(s) 2019. Published by Oxford University Press. All rights reserved. This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/open_access/funder_policies/chorus/standard_publication_model) TI - How data protection fits with the algorithmic society via two intellectual property rights – a comparative analysis JF - Journal of Intellectual Property Law & Practice DO - 10.1093/jiplp/jpz022 DA - 2019-05-01 UR - https://www.deepdyve.com/lp/oxford-university-press/how-data-protection-fits-with-the-algorithmic-society-via-two-7upjpwXtlQ SP - 407 VL - 14 IS - 5 DP - DeepDyve ER -