云计算环境下商业秘密保密措施的合理性认定

Reasonableness Identification of Trade Secret Confidentiality Measures in Cloud Computing Environment

云计算业已成为企业数字化转型的必然选择,作为信息存储处理技术的云计算出现与应用使得商业秘密保密措施合理性认定趋向复杂化。商业秘密信息管理权的部分移转使得云服务提供商进入认定考察视野,云服务提供商对“上云”信息内容接触权的保留及保密责任的明示排除,构成了保密措施合理性认定的障碍,传统的合理性认定之框架与方法有待重塑。基于保密措施的财产公示与防止过度保护的设定逻辑以及合理性之相对性与经济性内涵,结合促进云计算产业发展,遵循网络中立原则与考察权利人保密意思的因素考量,云计算环境下商业秘密保密措施合理性的认定应将信息“上云”行为做出信息移转与内容披露的类型化区分,在此基础上建构以信息“上云”行为的类型,云服务提供商是否负有保密义务,权利人采取保密措施情况为分析步骤的三步分析法。

Cloud computing has become an inevitable choice for the digital transformation of enterprises.The emergence and application of cloud computing as information storage and processing technology complicate the reasonableness identification of trade secret confidentiality measures.First,the partial transfer of the management right of trade secret information makes cloud service providers enter the view of identification.Second,the retention of the right of access to the information content of“uploading to the cloud”by cloud service providers may lead to the risk of expanding the scope of confidential information to be known indefinitely.Third,the express exclusion of confidentiality responsibility by cloud service providers constitutes an obstacle to the reasonableness identification of confidentiality measures.The traditional framework and method of reasonableness identification need to be reshaped.Based on the logic of property disclosure of confidentiality measures and the relativity and economic connotation of reasonableness to prevent overprotection,combined with promoting the development of cloud computing industry,following the principle of net neutrality and considering the factors of examining the meaning of the right holder’s confidentiality,behavior of uploading information to the cloud should be divided into information transfer or content disclosure in order to determine the reasonableness of trade secret confidentiality measures in cloud computing environment,and a three-step analysis method should be constructed.The first step is to determine that the type of information“uploading to the cloud”is information transfer or content disclosure based on the subjective and reasonable expectation of the right holder,the environment setting of cloud service products,and the actual information being known.If the behavior of“uploading to the cloud”is judged as information transfer,it means that the right holder has not shared and disclosed confidential information with cloud service providers,and the reasonableness identification directly enters the third step.If the behavior of information“uploading to the cloud”is identified as content disclosure,the reasonableness identification should enter the second step.The second step is the analysis of whether cloud service providers bear the confidentiality obligation,which mainly investigates whether cloud service providers bear the express or implied confidentiality obligation to the right holder.The third step is the analysis of the confidentiality measures taken by the right holder,which mainly focuses on the analysis of the enterprise type and industrial characteristics of the right holder,whether the trade secret information is defined and managed differently,whether appropriate confidentiality measures are taken according to the characteristics and value of trade secret information,and whether systematic risk assessment and prevention and control measures are taken.