Indus­try 4.0: legal pro­tec­tion of machine-generated data

In the past, data from pro­duc­tion pro­ces­ses ten­ded to be seen as a secon­da­ry bypro­duct with litt­le eco­no­mic value. But with the pro­gres­si­ve digi­tiza­ti­on of pro­duc­tion pro­ces­ses as part of Indus­try 4.0, ana­ly­sis of data from the hard­ware and soft­ware ele­ments of machi­nery is beco­ming incre­asing­ly important eco­no­mic­al­ly. Ana­ly­zing machine-generated data from a smart fac­to­ry (only in Ger­man) may enable impro­ve­ments to pro­duc­tion pro­ces­ses, and the abili­ty to ana­ly­ze machine-generated data for the enti­re sup­p­ly chain or enti­re manu­fac­tu­ring seg­ments may be even more intriguing.

But tra­ding and exchan­ging machine-generated data invol­ves a high risk that the data will fall into the hands of unaut­ho­ri­zed third par­ties. Sin­ce com­pa­nies have an inte­rest in pro­tec­ting their data, this rai­ses the ques­ti­on of how the data can be pro­tec­ted. Par­ti­cu­lar­ly sen­si­ti­ve are cases in which com­pa­nies make their data available to out­si­ders, e.g. for inter-company ana­ly­ses, which offer the grea­test poten­ti­al bene­fits. Tech­ni­cal methods such as encryp­ti­on have signi­fi­cant limi­ta­ti­ons in such cases, and tra­di­tio­nal legal opti­ons for pro­tec­ting com­pa­ny data are not much more effective.

right of owner­ship to data does not exist and copy­rights can­not be invo­ked becau­se the data are machine-generated, rather than being the intellec­tu­al crea­ti­on of an indi­vi­du­al. Moreo­ver, the data typi­cal­ly can­not be matched to any spe­ci­fic indi­vi­du­al, so that data pro­tec­tion law does not app­ly. Appli­ca­ti­on of this law would in any case be unde­si­ra­ble sin­ce it would open the door to pos­si­ble rights of access for data sub­jects. Cri­mi­nal pen­al­ties gene­ral­ly app­ly only if the data were obtai­ned wit­hout aut­ho­riza­ti­on, which is not the case if the data were ori­gi­nal­ly released vol­un­t­a­ri­ly. While con­trac­tu­al arran­ge­ments (such as NDAs) may pro­vi­de a cer­tain degree of pro­tec­tion, the shar­pest tool which the legal sys­tem pro­vi­des, that of cri­mi­nal sanc­tions, is not available in this case. And con­trac­tu­al arran­ge­ments have ano­ther weak­ne­ss as well: they only app­ly bet­ween the con­trac­ting par­ties. Once the data lea­ve the cir­cle of the con­trac­ting par­ties and fall into the hands of third par­ties, tho­se third par­ties are not bound by the con­trac­tu­al arrangement.

Howe­ver, the Ger­man Trade Secret Act offers poten­ti­al solu­ti­ons for the­se pro­blems. This legis­la­ti­on was enac­ted a rela­tively short time ago, and did not take effect until 26 April 2019. It defi­nes the legal con­se­quen­ces for the acqui­si­ti­on, use and dis­clo­sure of trade secrets bet­ween pri­va­te indi­vi­du­als. Its pro­tec­ti­ve mecha­nisms are appli­ca­ble in all cases whe­re a trade secret exists, as defi­ned in § 2(1) of the Trade Secret Act, i.e. in cases invol­ving non-public infor­ma­ti­on of eco­no­mic value whe­re the lawful owner has taken ade­qua­te mea­su­res to main­tain the con­fi­den­tia­li­ty of this infor­ma­ti­on. Other­wi­se, it is only neces­sa­ry for the owner to have a legi­ti­ma­te inte­rest in main­tai­ning secrecy.

Sin­ce for infor­ma­ti­on to be con­side­red “non-public” in accordance with § 2 No. 1 (a) of the Trade Secret Act it is only neces­sa­ry for access to be rest­ric­ted in prac­ti­ce, the ques­ti­on as to whe­ther infor­ma­ti­on qua­li­fies as a trade secret cen­ters upon whe­ther ade­qua­te mea­su­res have been taken to keep the infor­ma­ti­on secret.  The­se mea­su­res must afford ade­qua­te pro­tec­tion against unaut­ho­ri­zed access, but do not neces­s­a­ri­ly have to include tech­ni­cal pre­cau­ti­ons: legal mea­su­res, such as the afo­re­men­tio­ned non-disclosure agree­ments, may be suf­fi­ci­ent. The spe­ci­fic mea­su­res which are requi­red in each case are to be deter­mi­ned based on a risk assessment.

If the Trade Secret Act appli­es, secret hol­ders have exten­si­ve opti­ons for obtai­ning legal reli­ef, such as aba­te­ment and desis­tance claims, as well as dama­ge claims. The­se claims may be asser­ted against each and every inf­ring­er, unli­ke claims based on non-disclosure agree­ments, which can only be asser­ted against con­trac­ting par­ties. Tho­se who vio­la­te trade secrets may face cri­mi­nal lia­bi­li­ty as well.

Accor­din­gly, com­pa­nies are empha­ti­cal­ly advi­sed to estab­lish ade­qua­te pro­tec­ti­ve mea­su­res and set up a manage­ment sys­tem for the pro­tec­tion of their secrets. If done pro­per­ly, this need not result in a gre­at expen­se for the com­pa­ny but may pro­du­ce enorm­ous benefit.

For detail­ed back­ground infor­ma­ti­on, also see: Hessel/Leffer, Recht­li­cher Schutz maschi­nen­ge­ne­rier­ter Daten – Schutz durch das GeschGehGMMR 2020, 647 et seq.


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.