IRELAND Law and Practice Contributed by: Philip Tully, Emma Doherty, Geraldine Carr, Simon Shinkwin and Carlo Salizzo, Matheson LLP
The protection of databases under Irish law expires 15 years from the end of the calendar year in which the making of the database was completed, although updated editions of the database may successively attract a new peri - od of 15 years’ protection if a substantial new investment is present. Trade Secrets Irish law provides for the protection of trade secrets. Trade secret protection is afforded with - out registration and can last without limitation in time, generally as long as confidentiality is maintained. In order for something to qualify as a trade secret, it must satisfy three requirements. • The information must not generally be known or readily accessible in the relevant industry. • The information must have commercial value because it is secret. • The information must be subject to reason - able steps, under the circumstances, to keep it secret. Where a trade secret is unlawfully used, various remedies under Irish law, including injunctions, orders for accounts of profit, corrective meas - ures such as recall or destruction of infringing goods and damages, are available to protect the trade secret owner. A person who contravenes or fails to comply with court orders commits an offence and is liable to a fine and/or imprison - ment for up to six months. The EU (Protection of Trade Secrets) Regulations 2018 gave effect to the EU Trade Secrets Direc - tive and came into force on 9 June 2018 by way of SI No 188/2018. The Regulations provide civil remedies in circumstances where a trade secret is unlawfully used and allow for measures lim- iting access to court hearings and documents to ensure the confidentiality of trade secrets in
court proceedings, including making it a criminal offence to contravene such measures.
8. Data Protection 8.1 Applicable Regulations Principal Data Protection Laws
The principal data protection legislation in Ire - land is Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), as supple - mented by the Irish Data Protection Acts 1988 to 2018 (DPA) as amended. Irish law-specific nuances, as permitted or required under the GDPR, are set out in the DPA. These include restrictions on processing personal data relating to criminal convictions and offences, the setting of the so-called digi - tal age of consent, certain narrow derogations from data subject rights, and the administrative powers and procedures of the local supervisory authority, the Data Protection Commission. The GDPR has general application to the pro - cessing of personal data in the EU, setting out extensive obligations on controllers and proces - sors and providing strengthened protections for data subjects. The GDPR carries the potential for large fines of up to 4% of a firm’s worldwide annual turnover from the preceding financial year, or EUR20 million (whichever is higher). In May 2023, the CJEU judgment of UI v Oster - reichische Post AG (Case C-300/21) confirmed that a mere infringement of the GDPR does not give rise to the right to compensation in itself but that there must be a breach, some dam - age and a causal link between the two, as in most negligence cases. Claimants do have to prove damage of some kind in order to recover compensation for non-material loss following
390 CHAMBERS.COM
Powered by FlippingBook