Hans-Christian Woger - Code and Law

Transcript

1. CMS Law | DroidCon Berlin 27.06.2018 Code and Law -

   A legal session on privacy, know- how and (unfortunately not) open source

2. DroidCon Berlin 27.06.2018 CMS Germany CMS at a glance 2

   - 71 offices - 65 cities - 40 countries - > 4,500 lawyers In jurisdictions where we do not have our own offices, CMS has been working successfully with partner firms within the World Law Group since 1988.

3. DroidCon Berlin 27.06.2018 CMS Germany Part I – Data Protection

   3

4. DroidCon Berlin 27.06.2018 CMS Germany When is the GDPR an

   issue? 4 Answer yourself one simple question: Do I/does my app collect/store/share personal data? Personal data can be a lot of things: a first and/or last name, an email address, a telephone number, location data and many more like analytics or ads, ip-address, UDID, IMEI, IMSI, "Phone-Name", biometrical data. A person needs to be identified or identifiable. If the answer is yes (or even maybe yes) GDPR is an issue for you

5. DroidCon Berlin 27.06.2018 CMS Germany What is comprised by the

   GDPR? 5 Rights of data subjects Transparent information and communication Right to be informed Right to access the data Right to correct wrong data Right to be forgotten, deletion, restriction Right to data portability Obligations of the data processors and controllers Documentation Privacy by design and privcay by default Data breach notification Data protection impact assessment Consultation Data protection officer

6. DroidCon Berlin 27.06.2018 CMS Germany What to do? 6 Seven

   steps to get control: 1. Get a map 2. Read the map and stick to your path 3. Know your way around the forest 4. Ask the user 5. Talk to the user 6. Check the party guests 7. Write down the rules

7. DroidCon Berlin 27.06.2018 CMS Germany Worst Case! 7 Privacy Policy:

   We don't really know what data about you we have or what we will be doing with it. When we figure this out we will get back to you.

8. DroidCon Berlin 27.06.2018 CMS Germany In the end… 8 “People

   have entrusted us with their most personal information. We owe them nothing less than the best protection that we can possibly provide.” Tim Cook, White House Cybersecurity Summit, February 2015

9. DroidCon Berlin 27.06.2018 CMS Germany Part II – Know-how Protection

   9

10. DroidCon Berlin 27.06.2018 CMS Germany What is Know-how? - trade

    secrets = business informations - data and knowledge - business plans - informations on clients and partners - internal stats and figures about your enterprise - plans and strategies, e.g. mergers and acquisitions - recipes - intellectual property beside patents, trademarks, copyrights, designs 10

11. DroidCon Berlin 27.06.2018 CMS Germany Know-how = trade secret -

    EU directive on the protection of undisclosed Know-how and business information (trade secrets) / GeheimnisschutzG - aim: protection of innovations and economy in general - trade secret means: • secret information (not generally known or readily accessible to other persons) • commercial value • subject to reasonable steps under the circumstances to keep it secret 11

12. DroidCon Berlin 27.06.2018 CMS Germany Know-how Protection technical and organisational

    steps to protect legal steps to protect employment contracts contracts with suppliers, clients and partners Reasonable steps to keep it secret 12

13. DroidCon Berlin 27.06.2018 CMS Germany Technical and organisational steps to

    keep it secret - technical steps: • passwords • firewalls • limitations of access rights • classification of Know-how into different classes and secret steps • notations of secret ("top secret") - organisational steps: • documentation of the trade secrets and its reasonable steps to keep it secret • procedures and competences for the internal use of trade secrets • workshops for employees on know-how protection and IT security 13

14. DroidCon Berlin 27.06.2018 CMS Germany - employment contracts: • non-competition

    clause (up to two years after termination of the contract) • prohibition to entice other colleagues • non-disclosure agreements • IT and social media guidelines Legal steps to keep it secret 14

15. DroidCon Berlin 27.06.2018 CMS Germany - contracts with suppliers, clients

    and partners: • non-disclosure agreements • contractual penalty in case of infringement • exclusion of reverse engineering (which is now allowed under EU Know- how directive, unless other contractual agreements are made) Legal steps to keep it secret 15

16. DroidCon Berlin 27.06.2018 CMS Germany Acquisition, use and disclosure of

    trade secrets - lawful: • independent discovery/creation • observation, study, testing of a product or object that has been made available to the public • other practice which, under the circumstances, is in conformity with honest commercial practices • acquisition, use and disclosure that is allowed under european or national law • reverse engineering • whistle blowing (legitimate interests, freedom of media) - unlawful: • acquisition of a trade secret carried out by unauthorised access to, appropriation of, or copying of any documents, materials or files or any other conduct contrary to honest commercial practices • use or disclosure of a trade secret by a person having acquired the secret unlawfully or being in breach of a confidentiality agreement 16

17. DroidCon Berlin 27.06.2018 CMS Germany - injunctive relief - damages

    - right to receive informations about the sales made by the infringement - burden of proof: • trade secret • reasonable steps to keep it secret • documentation! Claims in case of infringement 17

18. DroidCon Berlin 27.06.2018 CMS Germany Thank you for your attention!

    18

19. footer text | footer date CMS Firm