Are Joint Controllers Joint Trade Secret Owners? What EU Data Protection and US Information Privacy Law Tell Us About Trade Secret Law

Abstract

The article focusses on (joint) trade secret ownership as a (neglected) aspect of European Union (EU) and United States (US) Trade Secret Law. The article shows that Information Privacy Law and Data Protection Law, respectively, and Trade Secret Law intersect. This intersection can be used to address not only the issue of unclear trade secret ownership in relation with personal data, but also the issue of power imbalance raised by considering two or more parties with entirely different bargaining positions as jointly responsible under Data Protection Law, in particular under the General Data Protection Regulation (GDPR). In this regard, US Information Privacy and Trade Secret Law as well as EU Data Protection and Trade Secret Law and the underlying ownership and liability concepts are analysed and compared to each other. The article shows that factors for (joint) control as developed by the Court of Justice of the European Union (CJEU) (Cases Wirtschaftsakademie, Jehovah’s Witnesses (JW), and Fashion ID) can be adapted by means of interpretation in essence under EU and US Trade Secret Law. Thus, joint controllers are often considered joint owners of the respective personal data as a trade secret. According to this approach, the parties are reciprocally entitled to prevent disclosures by each other beyond what is explicitly or implicitly agreed. Such right can act as a lever for weaker parties when bargaining with ‘stronger’ parties as necessary under Data Protection Law. At the same time, the essentially unified approach of determining trade secret ownership and data protection controllership provides for more clarity when it comes to the determination of trade secret ownership. Joint Control, Trade Secrets, Ownership, Joint Ownership, UTSA, Fashion ID, Trade Secret Directive, GDPR, FTCA, US