Data Sharing Obligations under the Data Act and the Protection of Trade Secrets

This thesis focuses on analysing the effects of the (B2C and B2B) data sharing obligations under the Data Act on the protection of trade secrets in the EU. The perspective chosen for the analysis is the effective protection available for trade secret holders.

The Data Act introduces new mandatory data sharing rules that obligate the so-called data holders to make certain data generated using connected products (such as IoT products) and services related to these products to users of such products and services as well as to third parties on request of the users. Though (part of) the data to be made available could be protected by trade secrets, the starting point of the Data Act is that trade secrets are not a valid ground to refuse from sharing data. The interplay between the data sharing obligations of the Data Act and the protection of trade secrets is likely to cause tension.

In this thesis the provisions of the Data Act concerning the scope of the regulation, making data available and the interplay with trade secret protection shall be described and analysed. It is also essential to analyse whether and to what extent the data within the scope of the Data Act’s mandatory rules on data sharing is suitable for trade secret protection under the Trade Secrets Directive. Following the foregoing steps, the effects of the data sharing obligations on the effectiveness of trade secret protection can be analysed. In this analysis also some of the practical effects of the Data Act on businesses will be considered as well as key challenges.

The research method utilised in this thesis is the doctrinal method and hence the systematisation and interpretation of the existing legal norms (those of the Data Act and the Trade Secrets Directive) is at the core. The thesis found that there are several provisions in the Data Act that either expressly or implicitly safeguard trade secrets – these are categorised as follows: (i) scope limitations, (ii) use restrictions, (iii) protective measures and (iv) handbrake mechanisms. Together these provisions create a rather complex network of safeguards, and each individual piece in it is subject to interpretation.

Despite the various safeguards, there are also challenges and uncertainties that affect the protection available for trade secret holders. These relate to, for example, enforcement, contracting, inconsistencies within the Data Act and particular scenarios where a trade secret holder is not the data holder and hence cannot (at least directly) rely on some of the mechanisms provided for in the Data Act. Furthermore, the unclarity concerning data(sets) that could qualify for trade secret protection under the Trade Secrets Directive has the potential to diminish legal certainty. Additionally, criticism has been presented against the so-called trade secrets handbrake, by which a data holder could refrain from sharing data. The criticism is based on concerns that by utilising the trade secrets handbrake a data holder could gain de facto control over data that does not necessarily qualify as a trade secret under the Trade Secrets Directive.