Lexicon > Privacy

IT Lexicon

Privacy

Confidentiality is the obligation not to communicate information about individuals to third parties who do not have the right to know it.

In France, the obligation of confidentiality must be binding and can thus result from a legal provision or an agreement (commonly called Confidentiality Agreement or NDA).

A confidentiality clause can also be directly integrated into certain agreements and is usually included in service agreements or employment agreements.

This civil obligation may be provided for in an agreement or imposed on a person by virtue of his or her profession (attorney-clientprivilege).

  • Contractual obligation

A person or a company can be led to develop a product or a service within the framework of its work which requires a technical knowledge and to call upon a third party for its realization.

In order to preserve its knowledge and its project, the designer will be able to impose obligation of secrecy, which often continues beyond the term of the agreement (the duration of the obligation must be provided for contractually by a specific clause to avoid any doubt in the event of litigation – failing this, the contractual provisions will be interpreted by the judge with regard to the will of the parties).

These are confidentiality agreements, also called NDA (Non Disclosure Agreement).

Confidentiality can be particularly important for certain projects, especially for creations that cannot be protected by intellectual property rights, such as recipes.

In fact, in principle, recipes are not considered protectable under French copyright law. Each recipe has a list of ingredients followed by preparation instructions, which is akin to know-how.

Preserving the confidentiality of recipes allows to keep an exclusivity on its commercial exploitation.

It is therefore necessary to keep it secret and to put in place confidentiality agreements with those who have access to the recipesThe content of these agreements must be drafted in a clear and precise manner to avoid any questioning of the very existence of the confidentiality obligation or its duration in the event of a dispute.

The lack of such an undertaking is likely to deprive the injured co-contractor of his right to take action against the co-contractor taking over his creation or know-how without authorization.

It is also recommended that receipts be deposited by way of an affidavit in order to provide evidence of a definite date of realization.

However, if the commitment to confidentiality is not complied with, the injured contracting party may only bring an action for contractual liability against the contracting party for non-performance of the terms of the agreement, possibly by unfair competition if the debtor of the confidentiality obligation offers for sale the same product(s) and/or service(s), or uses what is confidential information.

These actions are provided for in articles 1231-1 and following and 1240 of the french Civil Code.

However, once disclosed, the owner of the original creation may be copied by third parties to the agreement if they have knowledge of the confidential information, so that he loses the exclusivity on his product, his creation process etc…

  • Statutory obligation

The obligation of confidentiality also arises from a statute, without being provided for in an agreement, as is the case for the lawyer.

Indeed, all exchanges and correspondence between lawyers, whether verbal or written, are by nature confidential.

The confidentiality of the lawyer is one of the pillars of his ethics.

Article 2 of the National Rules of Procedure states that “subject to the strict requirements of his own defense before any jurisdiction and the cases of declaration or disclosure provided for or authorized by law, the lawyer shall not, in any matter, make any disclosure contrary to professional secrecy.

Confidentiality protects the client who, through his counsel, can negotiate freely. It also allows the lawyer to protect himself against any action aimed at engaging his professional liability.

  • Legal obligation

In France, the law expressly provides, since the Ordinance of February 10, 2016 reforming contract law, for confidentiality provisions in the conduct of negotiations prior to the conclusion of an agreement.

Article 1104 of the french Civil Code provides that “agreemnts must be negotiated, formed and performed in good faith”.

From this obligation flows the new article 1112-2 of the french Civil Code provides that “anyone who uses or discloses without authorization confidential information obtained in the course of negotiations is liable under the conditions of ordinary law”.

Confidentiality of personal data

In terms of personal data, confidentiality is defined as the ownership of any category of information that is not available or disclosed to unauthorized users, entities or processes.

Along with integrity, confidentiality is one of the main principles relating to the processing of personal data enshrined in the GDRP, especially on the Internet via websites and on various devices (tablet, smartphone) via applications (settings related to content displayed on websites, navigation, search engines, ads, cookie, user data security, privacy settings etc.).

Indeed, data controllers (for example a search engine such as Google – CJEU – May 13, 2014, Case. C-131/12) and processors should, as appropriate, implement technical and organizational means to ensure the confidentiality, integrity, availability and ongoing resilience of processing systems and services.

In addition, persons authorized to process personal data should be required to give a prior commitment to confidentiality or be subject to an appropriate legal obligation of confidentiality.

For example, the Microsoft privacy statement details what personal data is collected by the software developer and how it is used.

The loss of confidentiality of an information can lead to risks for the rights and freedoms of individuals, but also create a significant economic or social damage for the organizations concerned.

In any event, the loss of confidentiality of personal data constitutes a data breach under the GDPR, and therefore must be treated as such by the relevant controller or processor.

We use digital tools in our daily activities, whether it’s to book a restaurant, make a doctor’s appointment, subscribe to an Internet service, buy items online, check our bank accounts, or listen to music.

It was therefore necessary to provide an effective framework for the collection, distribution and processing of personal data.

GDPR Point

“Personal data should be processed in a manner that ensures appropriate security and confidentiality, including preventing unauthorized access to and use of such data and equipment used for processing.”

Recital 39 of the GDPR

Point on business secrecy

The Business Secrecy Directive (EU) n°2016/943 has given rise to a new article of the french Commercial Code, article L.151-1 resulting from law n°2018-670 of July 30, 2018 and which provides that:

Any information meeting the following criteria is protected as a business secret:

(1) It is not, in itself or in the exact configuration and assembly of its elements, generally known or readily available to persons familiar with this type of information because of their industry;

2° It has a commercial value, actual or potential, because of its secret nature;

(3) It is subject to reasonable safeguards by its lawful possessor under the circumstances to maintain its secrecy.

The Bouchara firm assists you in particular in :

  • Drafting confidentiality agreements;
  • Conducting negotiations with your partners;
  • Protection and optimization of your intellectual property assets;
  • Strategies for protecting and defending intellectual property assets;
  • Negotiation and drafting of intellectual property agreements;
  • Compliance with the performance of contractual obligations;
  • Civil actions for liability in case of non-performance or improper performance of contractual obligations ;
  • Unfair competition actions.