OnlyFans is a goldmine for content creators, and recently it has been generating revenue for legal professionals too with the Commercial Court decision in Infinni Innovations SA v OFMS Ltd & Ors, a case which highlights how important it is to act fast where confidential information is concerned. In our previous article we explored the case in detail; in this piece, we explain what content owners can do in practice to ensure effective protection for confidential information.
The claimant operated a CRM platform used by agencies managing OnlyFans creators, and alleged that the defendants had unlawfully accessed and scraped large volumes of commercially valuable data (including customer “fan notes”, messaging scripts and analytics) for their own competing platform.
The Court continued an ex parte injunction obtained by the claimant restraining use of its data. However, it narrowed the scope of the injunction significantly on the basis that to prohibit all use of the scraped data on the defendants’ platform pending trial would have an undue impact on clients and third parties (including OnlyFans content creators) who were already using it. Even though the Court found that the claimant had not delayed in seeking the injunction (once it knew what had happened), the status quo was now that at least some of the scraped data was in use and could not easily be withdrawn without undue harm to customers.
The case is a helpful reminder that, even if you act fast, it may not be possible to put the cat back in the bag.
If a breach does occur, act quickly: speed is critical.
The quicker the source and extent of the breach is identified and contained, and the sooner injunctive relief is sought, the better the likely outcome. Preserving evidence along the way is also key. The Infinni Innovations decision highlights that even if you do everything “right” when seeking legal remedies, once confidential information is in actual use in a competing service or product, legal remedies may be of limited help in practice.
It also pays to think beyond confidentiality. For example:
Does the information include personal data (engaging UK GDPR obligations)?
Are there any IP rights (e.g. copyright and database rights) that can be asserted even if some of the information taken is not (or ceases to be) confidential?
Are you subject to regulatory or reporting obligations?
Prevention is better than cure
What practical steps can businesses take to protect their confidential information and minimise the risk of a breach?
Use contractual obligations wherever possible. Confidentiality clauses remain the first line of defence and provide clarity, enforceability, and (critically) a basis for injunctive relief. However, beware of defining confidential information too widely as this can dilute both the credibility and enforceability of the restrictions. Courts are more willing to protect clearly identified, genuinely commercially sensitive information.
Non-disclosure agreements: get the basics right. NDAs are often treated as boilerplate, but think carefully about their scope, purpose and duration. Include clear requirements on return/destruction of information and avoid confusing confidentiality obligations with exclusivity periods, IP ownership and restrictive covenants.
Effectively control and monitor access. The court will look closely at what steps were taken to protect the information, as this goes directly to whether it qualifies as a trade secret.
Audit and identify your key information. What genuinely has value as a trade secret?
Limit access. Who really needs to know the information and can you apply role‑based permissions? Use encryption, access controls, monitoring tools and segregate data to maximise security.
Consider “seeding ” your data, using traceable markers or unique data points to identify leaks and unauthorised use.
Ensure you have robust processes to identify suspicious use or extraction of data by departing employees and contractors, and act quickly if red flags are raised.
Align confidentiality across commercial relationships. Confidential information rarely sits in one place. It flows across multiple agreements including employment contracts, consultancy and service agreements, software licences and collaboration agreements. Key issues to look out for are:
Consistency of definitions and scope
Clarity on ownership and control
When and how disclosures are permitted
In modern data‑driven businesses, confidential information is rarely static or neatly contained. It is created collaboratively, stored digitally, and exploited competitively. That makes protection harder but also more important.
