Group of people laughing on bridge.

Banks beware: IP rights may trump customer confidentiality

27 November 2013. Published by David Cran, Head of IP & Tech

The German Supreme Court has recently asked the Court of Justice of the European (CJEU) whether a bank can refuse to disclose confidential information about one of its customers to a third party who alleges that the customer is using the bank's services to sell counterfeit products and infringe the third party's trade marks.

In essence, the reference asks the CJEU to resolve an apparent conflict between banking regulations concerning customer confidentiality and Article 8 of European Directive 2004/48/EC (the Enforcement Directive) which requires the disclosure of information to a third party in order that it can deal with intellectual property infringement.


In January 2011, an official licensee of the Davidoff brand of perfumes was alerted to an unknown eBay seller offering counterfeit bottles of perfume for sale under the name "Davidoff Hot Water".  After purchasing some examples of the counterfeit perfume and attempting to engage with the unresponsive seller, the licensee requested that the seller's bank, Sparkasse bank, disclose the identity and contact details of the seller.  Sparkasse bank refused to disclose the account holder's identity, relying on the principle of bank secrecy.  The licensee then sought disclosure of Sparkasse bank's customer information pursuant to section 19(2) of the No. 3 German Trademark Act 1995 which implements Article 8 of the Enforcement Directive.  Article 8 grants intellectual property owners the right to information about an infringer of their intellectual property rights.

The German proceedings can be compared to English court procedures, where there is a well-established process of claimants seeking and obtaining court orders (known as Norwich Pharmacal orders) against third parties who hold documents or information relevant to the infringement (even if they themselves are innocent of such activity).  Recent examples in the UK have included copyright holders obtaining court orders compelling Internet Service Providers (ISPs) to reveal the identities of individual subscribers suspected of distributing or downloading unauthorised or pirated works over their networks.  Generally, once the principle and appropriate form of orders are established, ISPs are prepared to allow these English applications to proceed without too much argument.  The same cannot be said for Sparkasse bank in Germany.


The CJEU's judgment on this issue will be highly relevant to banking institutions with operations across Europe.  The key question for the CJEU to decide is whether it is proportionate, in these circumstances, for the right to protect intellectual property to outweigh the right to protect personal data and confidential information, thereby requiring the bank to disclose the information.

The English courts have shown through the use of Norwich Pharmacal orders that they consider there are instances when the rights of an intellectual property owner should prevail over who hold confidential customer information and indeed over the rights of the customer himself, although they will continue to consider whether such disclosure is proportionate and weigh the competing rights between the interested parties as part of that exercise.

This referral to the CJEU may well establish a more uniform approach to such matters across the EU, and resolve the conflict between these important rights: on the one hand, banking secrecy, which has traditionally been held sacrosanct in many jurisdictions; on the other, the protection of intellectual property rights and ensuring that rights holders have effective remedies to deal with infringers.