Understanding Patent Law in Italy: Software and Data Processing Technologies

Patents, Copyrights, and Trade Secrets: Key Differences

Software and data processing algorithms may be eligible for different or multiple forms of intellectual property (IP) protection under Italian law. Choosing the correct protections depends on the nature of the innovation, the intended use, and the timeframe of its development. In many cases, organizations should consider a hybrid approach—combining multiple forms of IP—to guarantee they will receive maximum protection.

Patents

Patents protect inventions that are new, innovative, original, and offer a non-obvious solution to an unsolved technical problem. More specifically, patents give inventors the exclusive right to produce an invention and earn profits on it. The inventor also has the exclusive right to sell the invention, but this expires immediately after the product is put on sale in the European Union (EU). When it comes to software, organizations may patent technological innovations, such as: 

• Algorithms that produce a technical effect
• Data processing methods that solve a technical problem
• User interfaces that produce measurable technical results
• Other technological systems that implement new technical functionalities

In Italy, patents are governed by Title 2(4) of the Industrial Property Code and administered by the Italian Patent and Trademark Office, or UIBM. Patents may also be reviewed and granted by the European Patent Office (EPO) in some cases. Additionally, patent protection lasts 20 years after the filing date (rather than the issue date), is only valid in the country or territory where they are filed (there is no “universal patent application”), requires a detailed public disclosure process, and necessitates a long, costly application process.

Patents allow an organization to receive strong, enforceable, short-term protection over its innovation. However, in order for a patent to be lawful, it must be aligned with public interest, morality, and ethical principles. Additionally, it should satisfy the three key criteria for patentability:

• Utility or usefulness: useful in the relevant industry and has a practical, industrial application in said industry
• Novelty or originality: a new creation not in the “state of the art” or anything that is within the public domain in Italy, prior to the filing date
• Non-obviousness: not obvious to someone of ordinary skill in the relevant field, nor a logical progression of a prior invention, simple algorithm, or mathematical function

Copyrights

Protection can be extended to numerous forms of written or oral expression, including academic, musical, performative, photographic, and other types of works. More specifically, Article 1(2) of the Italian Copyright Statute (Law No. 633/1941) categorizes software creations as “literary works,” which may include:

• Source code, object code, or compiled code
• Computer programs or applications
• Screen layouts and visual elements
• User manuals or documentation 

In Italy, copyright law falls under the Italian Copyright Statute and is also subject to EU directives such as 2009/24/EC. Additionally, Italian copyrights last for the author’s lifetime plus an additional 70 years. Thus, compared to patents, copyrights allow for weaker, but longer-term protection.

Trade Secrets

Trade secrets offer protection on confidential information that has commercial value, which individuals take “reasonable efforts” to protect and maintain the secrecy of. However, they do not protect against legal reverse engineering or independent discovery of the same or similar product. Specifically, software and technological programs that may be preserved as a trade secret include:

• Algorithms not publicly disclosed
• Datasets used for training artificial intelligence (AI) models
• Internal technological processes

In Italy, trade secrets are governed by Title 2(7) of the Industrial Property Code as well as the EU Trade Secrets Directive (2016/943). One significant characteristic of trade secrets is that they have no specified expiration date. Instead, an organization loses protection once a secret is released, leaked, or unintentionally disclosed. Additionally, organizations do not need to register, publicly disclose, or pay to keep a trade secret.

Trade secrets provide an organization with strong and infinite protection for an innovation that is adequate for patent protection. In order to be considered a trade secret, an item must:

• Remain a secret or not generally known or easily accessible
• Retain commercial value due to its secrecy
• Rely on reasonably protective measures, such as NDAs, restricted access, or encrypted storage

The remainder of this article zones in on patent protection because it is the fundamental means for protecting innovations from replication and competition by other organizations. In particular, it is important to understand how to meet the requirements for patentability and the patent application process within the context of GDPR requirements.

When Is Software Patentable?

The UIBM often refers to the EPO standards when assessing patent applications regarding software and computer programs. Generally, the EPO prohibits patenting software under Article 52(2)(c) if claimed “as such.” However, there is an exception. Software may be patentable when it contributes a “further technical effect” beyond the standard or obvious outcome of running the software. In other words, the software must do more than merely process the data or simply present the information in a succinct format. Otherwise, these instances would be considered simple algorithmic functions because they are obvious to a person of ordinary skill and do not have any novel industry applications. Some examples of software that could produce a “further technical effect” include:

• A computer program that controls an anti-lock braking system in a car
• A program that measures emissions using an X-ray device
• Software that compresses video files, restores distorted digital images, or improves noise reduction
• A program that encrypts electronic communications to improve cybersecurity measures
• Software designed to work with the computer’s specific hardware architecture
• A program that protects boot integrity during system startup
• Software that controls the internal functioning of a computer, such as memory allocation
• Low-level development tools, such as compilers or builders, that regenerate only the modified parts of programs, to save system resources
• Graphical User Interface (GUI) innovations that substantially enhance the way information is presented or interacted with

Although the above examples may produce a significant “further technical effect,” the patentability ultimately depends upon whether the software is a useful, original, and non-obvious extension of prior innovations and discoveries. 

The Italian Patent System

Patent law in Italy is primarily governed by the Industrial Property Code, which is locally known as Codice della Proprietà Industriale. Additionally, organizations file patents through the UIBM. However, as mentioned earlier, the EPO may further review software patents. In general, Italy’s patent application process can be simplified into five essential steps.

• Filing the application: Including technical descriptions, claims, and drawings
• Formal examination: The EPO reviews for accuracy, patentability, and risk of infringement
• Search and search publication: The EPO published the application and search results, typically within 18 months of filing
• Amending claims: After receiving the search report, organizations may amend the claims before the UIBM continues its review of the application
• Grant or rejection, the EPO either grants or rejects the patent application and, if accepted, the National EPO validates the granted European patent to make it effective in Italy

The process can also be broken down into several more detailed steps, as outlined by the EPO:

In Italy, patents become public after 18 months and are valid for 20 years from the filing date as long as the organization pays annual patent renewal fees. Once a patent is approved, organizations possess the exclusive legal right to produce, use, and distribute the invention.

GDPR Role in the Patent Application Process

Personal Data Minimization and Secure Processing

The data minimization principle under Article 5(1)(b-c) of the GDPR instructs that all personal data collection and processing be limited to what is necessary, accurate, and for “specified, explicit, and legitimate” purposes. Therefore, documents such as patent applications, technical descriptions, or test results should not contain superfluous personal information. To comply with this, companies can pseudonymize outputs containing personal data. Additionally, data processing must remain lawful and transparent to consumers under GDPR Article 6(1). Including personal data in patent documents that is unnecessary or consumers did not consent can violate GDPR requirements.

Consumer Privacy Standards

If an invention involves software or data processing technologies, it must embed essential consumer data protections. Article 25 requires organizations to implement “data protection by design and by default,” which entails multiple implications when it comes to an invention’s ability to keep data private:

• Implement technical and organizational measures to protect personal data, such as encryption technologies and pseudonymization of data
• Limit data access and retention by third parties
• Ensure the highest privacy standards for consumers automatically

Public Disclosure of Personal Data

Patent filings are published 18 months after the filing date. Including personal information in technical patent applications can lead to the unauthorized exposure of personal data in violation of the GDPR. According to Articles 33 and 34 of the GDPR, organizations must notify the supervisory authority in the event of a data leak, breach, or unauthorized exposure, or risk penalties for non-compliance. To avoid said data leaks, organizations should anonymize sensitive documents, avoid using personal identifiers in documentation, and review such risks when drafting IP documents.

Assessing High-Risk Data Processing Technologies

When an invention demands a level of data processing that poses a high risk to consumers’ privacy rights, organizations are required to conduct a Data Protection Impact Assessment, or DPIA, under Article 35(1) of the GDPR. DPIAs are especially important when data processing is conducted:

• On a large scale
• Involves systematic and extensive consumer evaluation, such as profiling
• Processes special categories of information, such as health or financial data

In short, organizations can use DPIAs not only to maintain compliance throughout the patent process but also as a proactive, risk management tool. DIPAs can reinforce the technical validity of a software, allowing the organization to avoid fines up to 20 million euros for GDPR non-compliance.

International Data Transfer Regulations

Many patentable software and data processing technologies rely on international data transfers and cloud-based applications. Articles 44-50 of the GDPR outline several guidelines for transferring personal data to third parties or international organizations. Thus, before transferring data to such entities, it is vital to inform consumers and ensure the receiving organization has adequate consumer data protections in place, per GDPR Article 45. Moreover, to safeguard data during transfers, Article 46(2)(c-d) orders that standard data protection clauses be in place.

Maintaining GDPR compliance is not only important to avoid fines, but also to minimize costs, complications, and product redesigns throughout the patent application process. Therefore, when organizations remain GDPR compliant, the patent application process is more efficient, and the organization can maximize the exclusive rights over its invention.

How Italian Organizations Can Protect Data Processing Technologies

There are several strategies that Italian organizations, especially small and medium-sized enterprises (SMEs), should consider to jointly protect their legal rights and remain aligned with their data-driven responsibilities. 

Hybrid Approach

One practice for securing strong legal protection over software innovations is adopting a hybrid approach. Patents, copyrights, and trade secrets each have distinct benefits and drawbacks. However, when combined effectively, organizations can maximize these benefits by ensuring that all the elements of an invention receive adequate protection: from the initial code to partial elements to the entire processing system. Such an approach could look like:

• Patent protection for the core technical innovation
• Copyright protection for the underlying source code and related creative documentation
• Trade secret protection for the confidential elements that are undisclosed in the patents

Strategic Intellectual Property and GDPR Compliance Plan

Another potential practice for securing legal rights over software innovations is outlining a strategic IP and compliance plan. This plan is an effective practice because it jointly considers IP filing requirements with the GDPR requirements. Although there is no specific way to develop this plan, some key considerations that organizations should make include:

• Conducting a patentability assessment, looking for usefulness, non-obviousness, novelty, and technical feasibility with the GDPR
• Avoid personal data exposure in patent-related documents 
• Filing nationally, regionally, and internationally, although only the UIBM application is required, filing with the EPO may offer broader protections. Additionally, firms should file in foreign countries to open the door for international growth in the future
• Ensuring internal compliance with the GDPR by involving the Data Protection Officer, or DPO, in all software data-related communication
  • Outsource DPOs from external firms for a broader, more comprehensive understanding of the current legal environment and upcoming changes
• Maintain detailed documentation and important internal records of both technical developments and compliance decisions

Cross-Border and International Considerations in Patent Law

European Patent Office (EPO)

The European Patent Office (EPO) plays an important role for Italian organizations seeking broader protection across Europe. A patent granted and verified by the National EPO is valid in Italy as well as other EU countries, streamlining and simplifying the patent process. There are several key advantages of filing a patent with the EPO, including:

• Clear and uniform standards, including more precise guidelines on software-related inventions and their GDPR compliance
• Centralized authentication, reducing administrative burdens and delays in the patent process
• Broader protections for innovations across a variety of countries and industries

Unitary Patent System

In February 2017, Italy became the 12th country to ratify the Unified Patent Court Agreement (UPCA), further opening the door for an easier, one-stop solution for patent applications. Later, in 2023, the Unitary Patent System officially launched, offering uniform patent protection across all 18+ participating EU countries. The system offers an agreed-upon “patent package” which grants a unitary effect across the EU, establishes the language applicable to the unitary patent, and sets up the Unified Patent Court as a single, specialized patent jurisdiction for EU countries

The Unitary Patent System opens the door for additional patent agreements between countries, including a universal patent application in the future. After all, granting patents uniformly offers several advantages both to organizations and governments.

• Simplifies the patent application process, eliminating the need for complex national validation procedures
• Reduces costs to file, review, and prepare patent applications, which can encourage organizations to seek broader protections
• Encourages organizations to seek broader protections at a lower cost
• Minimizes legal ambiguities between patent systems in different countries
• Boosts innovation and investment by making the patent application more affordable and widely available

In addition to filing patent applications through multiple authorities, it is also vital that organizations keep in mind Articles 44-50 of the GDPR, which, as mentioned earlier, define data transfer rules with international organizations or countries.

Conclusion: Maintaining Data Compliance Throughout the Patent Application Process

Italian organizations looking to patent software and data processing technologies must jointly consider how to obtain the most comprehensive legal protections and remain in compliance with the GDPR. While the Italian Patent System, governed by the UIBM and EPO, offers robust ways to safeguard technological inventions, organizations must simultaneously address GDPR obligations when designing, documenting, and patenting data-driven tools.

At A.L. Assistenza Legale, our lawyers are experts on both intellectual property law and GDPR compliance in Europe. We assist clients in obtaining adequate and comprehensive IP protection as well as adjusting data processing systems to be compliant with the GDPR. By aligning our clients’ legal, technical, and compliance strategies early in the innovation cycle, we them secure their competitive advantage and build consumer confidence in an increasingly privacy-conscious marketplace. If you have any questions about IP or GDPR compliance, feel free to contact us!