Unguarded Secrets: The Case for a Dedicated Trade Secret Statute in India

[Aryan is a student at National Law University, Odisha.]

In March 2024, the Law Commission of India submitted its 289th Report on Trade Secrets and Economic Espionage, recommending that Parliament enact a standalone statute on the subject. The proposed Protection of Trade Secrets Bill 2024 (Bill) has since remained a recommendation without legislative follow-through. As of early 2026, Parliament has not acted on it.

This inaction is puzzling. India has sophisticated statutes for patents, trademarks, and copyright. Yet for trade secrets, the most widely relied-upon form of intellectual property protection by businesses across size and sector, there is no dedicated law. Parties navigate through contracts, equitable doctrine, and statutory provisions not drafted with trade secrets in mind. This article argues that the current framework is structurally inadequate, that the Bill addresses the most important of its gaps, but that the Bill itself leaves three problems unresolved, the most consequential of which is its silence on the relationship between trade secret protection and the Digital Personal Data Protection Act 2023 (DPDP Act).

The Current Framework and Its Structural Inadequacy

Trade secrets in India are currently protected through a combination of the Indian Contract Act 1872, the Information Technology Act 2000, the Copyright Act 1957, and the common law doctrine of breach of confidence. The practical problem with this arrangement is not that protection is unavailable. Courts have granted relief. The problem is that protection is contingent on how the misappropriation occurred, requiring right-holders to fit their facts into a framework that was not designed for them.

The case law illustrates both the availability and the fragility of that protection. In American Express Bank Limited v. Ms Priya Puri, the Delhi High Court was asked to restrain a former head of wealth management from using or disclosing customer data and financial portfolios she had handled during her employment. The court declined. While it accepted that trade secrets are "a formula, technical know-how, or a particular manner or practice of business established by an employer which is inaccessible to others," it held that generally available customer contact details did not satisfy this standard. The confidentiality clause was not the problem. Section 27 primarily renders void agreements in restraint of trade, such as post-employment non-compete clauses, while confidentiality obligations are generally upheld where they are narrowly tailored to protect genuine trade secrets. The case turned on simpler ground: the customer contact details the employee handled did not qualify as trade secrets because they were not inaccessible to others in any meaningful sense.

In Desiccant Rotors International Private Limited v. Bappaditya Sarkar and Another (Delhi High Court, 14 July 2009), the defendant had signed a confidentiality agreement explicitly acknowledging access to the plaintiff's trade secrets, processes, and customer data. The court injuncted disclosure of genuinely proprietary technical information but refused to prevent the defendant from working in the same industry, holding that the employer's attempt to protect itself from competition must yield to the employee's right to seek employment freely. Taken together, the two decisions reveal a consistent pattern: courts will protect trade secrets where the information clearly qualifies and a carefully drafted agreement exists. But without a statute, the definition of what qualifies is judge-made, the remedial framework is borrowed from general contract and equity, and smaller businesses without sophisticated agreements have very limited recourse.

The international dimension compounds the domestic one. India has repeatedly appeared on the United States Trade Representative's Special 301 Watch List for inadequate trade secret protections. India's obligations under Article 39 of the TRIPS Agreement require protection of undisclosed information that is secret, commercially valuable, and subject to reasonable confidentiality measures. The absence of a statute does not itself constitute a breach, but it makes compliance with Article 39 contingent on judicial discretion rather than a clear statutory standard.

What the Bill Gets Right

The Bill's central contribution is a statutory definition. Information qualifies as a trade secret where it is not generally known or accessible to those who would ordinarily deal with it, has commercial value by reason of that secrecy, and has been subject to reasonable steps to keep it confidential. This three-part standard mirrors Article 39 of the TRIPS Agreement and tracks the EU Trade Secrets Directive 2016/943. Without a statutory standard of this kind, the outcome in cases like American Express Bank and Desiccant Rotors turned on whether the information satisfied a common law test that courts applied inconsistently and without legislative guidance.

The Bill also creates misappropriation as a standalone cause of action, extending liability beyond the primary wrongdoer to those who knowingly receive or use misappropriated information. This matters because stolen trade secrets rarely stay with the person who took them. The remedial provisions are broadly appropriate: injunctions, damages, disgorgement of profits, and confidentiality orders during litigation, which address the practical problem that litigating a trade secret dispute can itself destroy the value being protected. Reverse engineering and independent discovery are recognised as defences, preserving the competitive process.

The Unresolved Conflict with the DPDP Act

The most consequential gap in the Bill is its complete silence on how trade secret protection interacts with the DPDP Act. Under Section 8 of the DPDP Act, every data fiduciary bears absolute, non-delegable responsibility for compliance, including the obligation under Section 8(7) to conduct periodic reviews of data retention and erase data no longer required for its stated purpose. Section 12 separately codifies the right of a data principal to demand erasure of her personal data unless retention is necessary for the specified purpose or required by law. The Bill says nothing about how these obligations apply when the data being retained is also a trade secret.

The conflict with trade secret law arises in a category of cases that is entirely foreseeable and growing in commercial significance. Many commercially valuable datasets qualify as trade secrets. The conflict is most acute where such datasets are not fully anonymised but remain identifiable or capable of re-identification. In such cases, the data is better understood as pseudo-anonymised, to which the DPDP Act would continue to apply. A fintech company's proprietary credit-scoring database, a healthcare platform's aggregated patient-behaviour dataset: in each case the dataset may be a trade secret within the meaning of the Bill, and it may simultaneously consist of, or be derived from, the personal data of identifiable individuals. When a data principal exercises her right to erasure under Section 12 of the DPDP Act, the fiduciary faces a direct conflict: the trade secret framework incentivises retention; the DPDP Act, on a straightforward reading, requires deletion.

The DPDP Act does contain a partial carve-out: a data fiduciary may process personal data without consent for employment purposes, including maintaining the confidentiality of trade secrets. But this provision governs the basis for collection and retention; it does not resolve what happens when a data principal demands erasure once the employment relationship ends, or when the data principal is a customer rather than an employee. On that question, both statutes are silent. The Bill should address it directly, by requiring a fiduciary asserting trade secret protection against an erasure demand to demonstrate the conflict to the Data Protection Board, which could then authorise limited retention subject to enhanced safeguards and a sunset period. This mirrors the proportionality mechanisms built into several European implementations of the EU Trade Secrets Directive and would allow the two regimes to operate without one systematically overriding the other.

Two Further Gaps Worth Addressing

Two further gaps warrant attention. The Bill does not designate a specialised forum for trade secret disputes, meaning cases will default to Commercial Courts under the Commercial Courts Act 2015. Those courts have general commercial competence but are not well suited to the technical complexity that frequently arises in pharma, software, or manufacturing disputes. The Defend Trade Secrets Act 2016 routes federal trade secret claims through experienced district courts; the Bill should at minimum provide for technical assessors in complex cases. Separately, the Bill sets no outer limit on the duration of post-employment confidentiality obligations. The cases in Section II show that Indian courts already struggle with this tension under Section 27 of the Indian Contract Act 1872. A statutory cap, or at least a proportionality test tied to the sensitivity of the information, would reduce the volume of litigation and give both sides clearer guidance.

Conclusion

There is a reasonable argument that India's courts have managed trade secret disputes adequately without a dedicated statute. The cases discussed above show that relief is available to parties who have planned for it. However, "adequate" protection for well-resourced parties with carefully drafted NDAs is not the same as a reliable legal framework. MSMEs without the resources for patent registration, startups whose entire commercial value rests on a single process, and inventors without a contractual relationship with the party who misappropriates their idea are left exposed.

The Protection of Trade Secrets Bill 2024 addresses the structural core of this problem. It will be incomplete, however, unless Parliament resolves the conflict with the DPDP Act, considers adjudicatory specialisation, and sets a legislative limit on post-employment obligations. The Law Commission has done the analytical work. The longer Parliament defers, the longer the burden of filling a statutory vacuum falls on courts working with instruments that were not built for the purpose.