The Promise and Perils of Enterprise Data as Trade Secrets

Various types of information exist as data, ready for collection and use by relevant actors. A broad distinction, however, may be drawn between personal data, derived from individuals, and enterprise data, which typically comprises large-scale collections generated or acquired by firms during business operations. Enterprise data may include proprietary business information as well as data collected from customers or the public. A growing body of literature explores legal frameworks for protecting enterprise data, though approaches vary. Jurisdictions worldwide have not reached a consensus on whether or how enterprise data may receive legal protection, despite vigorous debates. An emerging viewpoint across jurisdictions is to protect enterprise data as trade secrets, but this approach has not yet gained wide acceptance.

This Article engages with that debate and contributes to the current literature on enterprise data as trade secrets from three perspectives. First, it reiterates the potential promise of trade secret law by offering a doctrinal analysis showing how trade secret law can protect diverse forms of enterprise data in the data economy. These comprise three key categories: confidential enterprise data, private data compilations, and “semi public” enterprise data compilations, where front-end data points are publicly accessible but back-end compilations are kept private. Second, the Article explores current cases, laws, and regulations in representative jurisdictions, the United States, China, and the EU, documenting the extent to which the concept of enterprise data as trade secrets has been recognized. This positive analysis highlights the status quo: the role of trade secret law in protecting the first two categories of enterprise data has gained growing and continuous recognition, but its application to “semi public” enterprise data compilations remains limited. Third, based on the positive exploration, the Article unpacks the challenges and risks associated with applying trade secret law to “semi public” enterprise data compilations, offering explanations for its limited acceptance compared to the other two types. It argues that protecting most “semi public” data compilations as trade secrets does not serve the core theoretical aims of trade secret law. This is because extending protection to these compilations fails to yield the business efficiency necessary to justify the associated costs. Thus, normatively, the Article argues that trade secret law should only protect the type of “semi public” data compilation whose front-end access is meaningfully restricted to a limited number of users. At the same time, trade secret law cannot be used to sanction data scraping activities that do not involve intrusion into a data holder’s system or direct circumvention of genuine access restrictions. © Stanford University, Stanford, California 94305.