- Reading time 3 Minutes
Large Language Models (LLM) such as ChatGPT can be used, inter alia, in order to generate automated texts or efficiently structure one’s research; many more applications are possible. Consequently, it is to be expected that a company’s employees might use such programs – partly in a considerate and reasonable manner, but partly thoughtless and without any real benefit – and thereby, consciously or unconsciously, integrating trade secrets into prompts provided to the AI.
In order for a business secret to be protected, the German Act on the Protection of Trade Secrets (“GeschGehG”) requires, among other things, that the information in question must be “subject to secrecy measures that are reasonable under the circumstances”. The owner of the trade secret must therefore actively take measures to protect the secret from any third-party access. These measures must be documented in order to be able to prove them if necessary.
Trade secrets can include a wide variety of information, from specific customer data to design drawings, work instructions, recipes, etc., to calculatory bases for pricing strategies or background information for marketing campaigns.
This is due to the fact that the explicit opt-out is in any case deemed to be an appropriate measure to protect the secret; indeed “appropriate secrecy measures” as defined by the GeschGehG might even require to completely refrain from entering trade secrets into third-party software products that are allowed to use these secrets (even only in parts). This in turn means that such “reasonable secrecy measures” also include taking organizational measures preventing such entries.
Check secrecy protection
In light of the above, companies should review their employment contracts, internal guidelines and work instructions on the protection of secrets as well as on the permitted use of the Internet (AUP). At the same time and in addition, it should be questioned whether, to what extent and by which employees the use of ChatGPT or other AI applications makes sense for the company. Based on the result of this evaluation, the use of such AI tools can be generally prohibited for certain groups of employees as a supplementary measure for the protection of secrets, and access to these tools can also be technically restricted or excluded.