The Competition Authority (“Authority“) published the Guidelines on Digital Data Review During Dawn Raids (“Guidelines“), which the Competition Board (“Board“) accepted and published on its official website on October 8, 2020. The Guidelines provide information on procedures to be followed during the Competition Authority’s dawn raids, particularly on the review of electronic data.
What Do the Developments Mean?
The Guidelines clarify the following matters for the Authority’s dawn raids:
- Scope of review: The Competition Head Expert, Competition Expert and Competition Assistant Expert (“Case Handlers“) can review servers; laptop/desktop computers; portable communication devices; CDs; DVDs; USB drives; external hard drives; backups and cloud services that belong to the undertakings or association of undertakings.
- Use of forensic review tools: Case Handlers can utilize the undertakings’ keyword search tools or forensic review software and hardware running on the undertakings’ systems, allowing for in-depth review of the undertakings’ digital records (i.e. electronic discovery, eDiscovery, capabilities provided by Microsoft 365 cloud services) during their review.
- Review of portable communication devices: Case Handlers may carry out a brief search on portable communication devices (cell phones, tablets, etc.) to determine whether there are any digital data on these devices that belong to the undertaking. Devices that do not have any data belonging to the undertaking may not be reviewed. Accordingly, portable communication devices that are used solely for private purposes may not be reviewed. The review of a portable communication device will be carried out through forensic review tools if the portable device has data belonging to the undertaking. The Guidelines state that review of portable communication devices should be completed on the undertakings’ premises.
- Responsibilities of the undertaking: The undertaking should prevent any interventions or changes to the data subject of the review as well as the review medium. Additionally, the Guidelines request that the undertaking provide “full and proactive support” on informing the Case Handlers about its information technologies software and hardware; provide administrator rights on the undertaking’s systems; provide remote access to its employees’ e-mail accounts; isolate computers and servers from the network; restrict user access to employees’ corporate accounts; and restore corporate backups.
- Continuing review on the Authority’s premises: Case Handlers may choose to continue the electronic review at the forensic informatics laboratory at the Competition Authority’s premises. The Guidelines state that data collected from the undertaking should be made into three exact copies certified by identical hash values. One of these copies should be given to the undertaking while the other two are taken into the Case Handlers’ custody in a sealed envelope. The Guidelines indicate that a written invitation will be sent out to the undertaking so that undertaking’s representative may be present during the opening of the sealed envelope and review of the undertaking’s data at the Competition Authority’s premises.
The Guidelines also state that undertakings may apply to the Competition Authority regarding any trade secrets contained in the copied documents, as it is the settled practice, regardless of whether these documents have been included in the case file from their review at the undertaking’s or on the Authority’s premises. Undertakings may apply to the Competition Authority under the Communiqué No. 2010/3 on the Right to Entry to the File and Protection of Trade Secrets for their trade secrets to be processed accordingly.
The Guidelines also indicate that data copied during dawn raids are subject to the protection of the attorney-client privilege. Documents will be considered privileged when the relevant communication is (i) made between the undertaking and independent external legal counsel who is not an employee of the undertaking; and (ii) centered on the undertaking’s exercise of its right to defense. Secondary legislation reflects the recent decision making practice of the Board, as the matter of attorney-client privilege has been a widely discussed point in its recent decisions.
The Competition Authority provides insightful information on the Authority’s dawn raid procedures with the newly published Guidelines on reviewing, copying and taking custody of data to be reviewed on the Authority’s premises. Undertakings should review their dawn raid procedures to ensure compliance with the Competition Authority’s requests, particularly on access to eDiscovery tools and administrator rights.
Please stay up to date with further developments through the Esin Attorney Partnership Coronavirus Helpdesk.