As previously reported on our Privacy Blog, TalkTalk, a major UK telecoms company, has been fined a record breaking £400,000 for a data breach after they were hacked. This fine, given by the ICO (the UK’s data protection authority), followed an in-depth investigation into an attack by hackers on TalkTalk’s systems where hackers obtained the details of 156,959 customers, including their names, addresses, dates of birth, phone numbers and email addresses. The maximum fine the ICO can require companies to pay is £500,000. Read the full post on our Privacy Law Blog.
On July 30, 2016, newly-elected British Prime Minister, Theresa May, wrote an article detailing how her government would lead the charge in combatting modern slavery. As a major proponent of the UK Modern Slavery Act (and one who played a key role in the Act’s passage as former Home Secretary), May pledged to make it her personal mission to help eradicate the “barbaric evil” of slavery and human trafficking, calling it the “great human rights issue of our time.” In doing so, she announced the allocation of £33 million from her aid budget to create a 5-year International Modern Slavery Fund focused on high-risk countries.
The Upper House of India’s Parliament just passed an amendment to India’s Maternity Benefit Act of 1961. The amendment increases maternity leave to 26 weeks of paid leave, a major increase over the current 12 week leave. Continue Reading
On May 31, 2016, the Advocate General (“AG”) of the European Court of Justice issued its opinion in a case relating to a Muslim employee wearing a headscarf at work. In the case, Samira Achbita v. G4S Secure Solutions NV, Case C-157/15, the AG stated that a neutral policy prohibiting employees from wearing visible religious symbols was not direct discrimination under Article 2(2)(a) of Directive 2000/78 EC, the EU Directive that addresses discrimination in the workplace. Furthermore, the AG indicated that such a policy may not constitute indirect discrimination either, and therefore not be illegal, provided it is based on a legitimate and proportional policy requiring religious or ideological neutrality in the workplace. This decision, while not binding, stands in stark contrast to the law on the subject in the United States, where just in 2015 the Supreme Court held that failing to hire an applicant because she wore a headscarf constituted discrimination.
On 23 June 2016 the people of Britain voted in favour of leaving the European Union – the so-called “Brexit.” The result has created uncertainty and speculation as to the implications of Brexit and what happens next.
Employee’s Privacy Rights
European courts continue to grapple with the limits on employee protections under Article 8 of the European Convention of Human Rights. Article 8 protects a person’s right to respect for their private and family life, and our blog has actively tracked developments on the subject (to review prior rulings, see here, here, and here). The UK’s Employment Appeal Tribunal (EAT) recently further defined the limits of an employee’s expectations of privacy in the workplace when it held that an employee had no reasonable expectation of privacy in emails and photographs from his personal phone that had been passed to the police.
Until recently, there have been few formal regulations regarding the operation of foreign non-governmental organizations (NGOs) in China. While the Chinese government has expressed skepticism and, at times, hostility toward foreign NGOs, many NGOs – including many prominent U.S. based organizations – currently operate in China. Based on new legislation in China, however, the status of the more than 7,000 foreign NGOs operating in China – in addition to many other organizations wanting to expand into the country – now remains in question.
European courts continue to clarify the right of employers to review their employees’ emails. As we discussed previously, the European Court of Human Rights and the National Labor Relations Board of the U.S. have recognized that employers have the right to monitor their employees’ internet communications in order to ensure productivity during work. (To review the holdings by the ECHR and NLRB, please click here and here, respectively.)
The protection afforded to trade secrets is disparate across the EU. In order to protect trade secrets as potential drivers for economic growth and jobs and to create a level-playing field within Europe, the European Parliament has now approved the Trade Secrets Directive.
This Directive aims to provide a minimum, uniform level of protection in respect of undisclosed know-how and business information (trade secrets) against unlawful acquisition, use and disclosure. The intent is for this protection work in parallel with the existing uniform EU law protecting intellectual property.
The Directive provides a minimum standard framework, with common definitions, procedures and sanctions. Higher levels of protection are permitted. Accordingly, countries which already enjoy higher levels of protection (e.g. UK and Germany) will not necessarily need to take any steps to implement the requirements. Nonetheless, decisions of the ECJ interpreting the Directive may well have a bearing on the existing national law of Member States in relation to trade secrets.
The following is a list of the notable aspects of the Directive:
Recitals 27(a) – Post termination restrictions
There are no requirements to harmonise the laws in relation to post-termination restrictions, including non-compete clauses.
Article 1.2a – Subject matter and scope
The Directive does not seek to limit an employee’s use of their experience and skills honestly acquired through the normal course of their employment. This means that what amounts to a trade secret must be above and beyond something that is mere skill and experience. Additional restrictions cannot be put on employees to reduce their mobility because of the Directive.
Article 2 – Definition of “trade secret”
Under the Directive, a “trade secret” is information that (i) “is secret in the sense that it is not….generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (ii) has “commercial value because it is secret”; and (iii) “has been subject to reasonable steps under the circumstances, by the person in control of the information, to keep it secret” (emphasis added).
This broad definition reflects the wording of article 39(2) of international TRIPS Agreement (Trade-Related Aspects of Intellectual Property Rights), an agreement administered by the World Trade Organisation. It is also similar to the definition of trade secrets under the U.S. Uniform Trade Secrets Act.
This will be a definition that is ripe for judicial interpretation by the ECJ, especially those parts emphasised in italics.
Article 4(b) – Exception for whistleblowers
One exception to the general prohibition against disclosing trade secrets is for whistleblowers. Article 4(b) explicitly permits the disclosure of trade secrets by whistleblowers, where such disclosure involves raising “misconduct, wrongdoing or illegal activity, provided that the [whistleblower] acted for the purpose of protecting the general public interest”. We anticipate that the scope of this exception will be an area of controversy.
Article 9 – Provisional and precautionary measures
This gives judicial authorities the power to take certain interim actions and precautionary measures against an alleged infringer before a decision has been made. These would include: the cessation or prohibition of the use or disclosure of the trade secret on a provisional basis; a prohibition on producing, offering or placing on the market or using infringing goods or importing or exporting infringing goods; and seizing or delivering up suspected infringing goods. The Article is silent on other interim measures that judicial authorities may have the power to do e.g. search orders, freezing orders and pre-action disclosure.
Article 11 – Injunction and corrective measures
Once the case has been decided, the Directive gives judicial authorities to grant final remedies in addition to or as an alternative to an award of damages, such as orders prohibiting the use or disclosure of the trade secret; prohibiting the production, offering or placing on the market or use of the infringing goods, or importing or exporting or storing infringing goods; adopting appropriate corrective measures with regard to the infringing goods; and destroying or delivering up of relevant documents, objects, materials, electronic files. These remedies will be familiar to UK lawyers.
Article 13 – Damages
This gives judicial authorities the power to award damages for misuse of trade secrets. Interestingly, the legislation expressly provides Member States with the option of limiting the liability for damages of employees where the misuse was unintentional.
The European Parliament has formally approved the Directive. It will now need to be endorsed by the Council of the European Union, which we expect to occur in May. Member States will then have two years to ensure that the national law is in accordance with the Directive, or implement it.
Last month, we blogged about the much discussed ECHR Barbulescu opinion. (To review the implications of the case, please click here.) As a follow up, we wanted to provide further insights to multi-national employers about how this European decision compares to the position in the United States.
Purple Communications, Inc.: the United States’ approach to Email Monitoring
In the U.S., an employee’s freedom of expression, even when using an employer-provided email, has been closely guarded in recent years by the National Labor Relations Board (“NLRB”) under Section 7 of the National Labor Relations Act. Section 7 protects any employee when they engage in “concerted activities for…mutual aid or protection.” The NLRB has made clear that certain company policies that seek to limit social media and electronic communications could infringe on these rights, or “chill” concerted activities, and are therefore prohibited (for a full review of prohibited social media policies, see here, here, or here).
In December 2014, the NLRB encountered a similar policy to the one in Barbulescu. The case, Purple Communications, Inc., asked the Board to decide whether a newly introduced policy that required company electronic systems and equipment to “be used for business purposes only” violated Section 7. The Board held that introducing a blanket prohibition against employees using company electronic systems and equipment for private purposes violated Section 7. The Board held that introducing such a blanket prohibition would chill the rights of employees to engage in concerted activities. Importantly, this decision was limited to employees who already had access to an employer’s email for business purposes, and noted that employee use can still be subject to “reasonable” restrictions (e.g., prohibiting work-time use of equipment for personal purposes, or sending oversized attachments). The decision did not address the issue of whether a new policy which imposed a blanket ban on using company electronic systems and equipment would violate Section 7. The Board also noted (similarly to Barbulescu) that employers are permitted to monitor employee use of company electronic systems to ensure productivity during work-time, so long as the monitoring is not used to impede protected activity. (You can read more analysis about the NLRB’s Purple Communications, Inc. decision here.)
Accordingly, based on Purple Communications and Barbulescu, employers in both the United States and Europe have the right to monitor an employee’s communications on company electronic systems and equipment to ensure that the employee is using work-time productively. However, in order to do so, employers should make it explicit to employees that they may monitor these systems for that purpose as part of their electronic communications and social media policies. A failure to have an express written policy creates a significant risk that any such monitoring would be unlawful: in Barbulescu, the absence of such a policy may well have led to a different decision that would have prohibited the review of personal material; the implication from Purple Communications and other decisions under the NLRB is that absent a clear policy which sets out the scope and purpose of any monitoring, it will be far more difficult for a company to satisfy the NLRB that the monitoring does not violate Section 7.