For further information,
please contact:
Legal Alerts
https://www.esin.av.tr/wp-content/themes/esin/images/esin.jpg

The Turkish Competition Board Does Not Tolerate Digital Data Wiping During Dawn Raids, As Confirmed By Four Recent Administrative Fines

Legal Alerts
Competition
General

The most recent Turkish Competition Board (“Board”) decisions once again show the Board’s sensitivity regarding any irregularities in dawn raids and particularly its zero tolerance policy regarding any data wiping during on-site inspections. Last week, four new reasoned decisions on obstructions of on-site inspections were published on the Turkish Competition Authority’s (“Authority“) website. The Board imposed administrative fines for obstructing on-site inspections on Eti Gıda San. ve Tic. A.Ş. (“Eti”), Istanbul Gübre Sanayi A.Ş. (“IGSAŞ”), Unmaş Unlu Mamuller Sanayi ve Ticaret A.Ş. (“Unmaş”), and Çiçek Sepeti İnternet Hizmetleri A.Ş. (“Çiçek Sepeti”) with its decisions numbered 21-24/278-123, 21-38/544-265, 21-26/327-152, and 21-27/354-173, respectively. The decisions have one thing in common: in all four cases, employees of the said undertakings’ deleted certain WhatsApp conversations during the on-site inspections.

The decisions are significant because they demonstrate the importance attributed to the digital data collection during on-site inspections under the new Guidelines on Digital Data Review During On-Site Inspections (“Guidelines“). All four decisions show a new trend regarding the Authority’s on-site inspections as well as some precious cautionary lessons that may be useful for on-site inspections.

  • Undertakings should make their organization schemes and IT support readily available

The decisions show that since documents showing the internal organization of the company are the first tools for the Authority to determine the employees to be inspected, the undertakings should ensure that they are in a position to provide these documents to the Authority without any delay. Moreover, since access to IT tools and systems is crucial to the inspection, the Board will also consider whether IT access is provided swiftly during an on-site inspection. This shows that a readily available organization scheme and easily accessible IT support are of the utmost importance to meet expectations of the case handlers and the Board.

  • It is crucial to communicate accurately with the Authority’s case handlers

In the Eti decision, while the case handlers arrived at Eti’s premises by 9:53 am, they were told that no one, except the administrative affairs supervisor, was on the office premises due to the Covid-19 pandemic and that the employees were working from home. The Authority officials requested that the relevant employees should come to assist the on-site inspection. The inspection could only start at 10:40 am after the relevant employees’ arrival at the premise, which caused a delay of around 40 to 50 minutes. In addition, against the undertaking’s statement regarding the absence of the employees at the office premises, the Authority officials found out that the marketing group officer, the senior category manager of Eti and an executive board member were already at the office when the Authority officials came to the premises.

In its reasoned decision, the Board noted that the employees’ not being present in the office and arriving late for the inspection due to traffic may not be considered as obstructing the inspection in and of itself. However, the Board elaborated that the administrative affairs supervisor told the Authority officials that no one was at the office, while certain employees were indeed at the office. This evolved to be one of the facts that lead to an administrative fine. In this regard, undertakings must always communicate clearly and precisely with the case handlers to prevent delays and act swiftly to assist the on-site inspection.

  • Guidelines changed the game

In all four decisions, the Authority used forensic review tools, including Celebrite, inspected communication devices and WhatsApp conversations, reviewed log records and copied the relevant data to an external hard drive. By using its forensic review tools, the Authority officials were able to pinpoint when the data was deleted from the phones. Therefore, undertakings should be aware of the Authority’s IT capabilities and ensure they are providing “full support” to the case handlers.

  • Deleting data does not prevent you from getting caught, most of the communications can be brought back, with an additional obstruction fine bonus

In all four decisions, some employees deleted digital conversations, mainly WhatsApp conversations during the on-site inspections, as follows:

  • During Eti’s inspection, the Authority officials found that certain WhatsApp conversations of a director, who had been invited to the premises at 12:37 pm, were deleted by 12:43 pm, as detected by the log history. They later confirmed this fact with a test in the Authority’s IT laboratory. The Authority officials also invited another employee to Eti’s office who was the counterparty of the deleted conversation to review their phone as well.
  • In the IGSAŞ decision, the Authority officials found that two employees deleted 165 and 171 e-mails respectively, and an employee deleted their WhatsApp conversations and exited a WhatsApp group during the inspection.
  • In the UNMAŞ and Çiçek Sepeti decisions, the Authority officials found that WhatsApp conversations were deleted during the inspection. However, the Authority was still able to access the deleted data with the help of its forensic tools.

The takeaway from this is that, even if the employees may think so, digital data is often not deleted completely. Whether the conversation/document is found on another employee’s phone or computer or whether the Authority’s tools bring back the data, the Authority can find a way to discover and expose the data.

Consequently, the Authority officials not only found the deleted data, but also the Board imposed administrative fines amounting to 0.5% of relevant undertakings’ 2020 turnover for violating Law No. 4054 on the Protection of Competition.

  • It does not matter if the deleted correspondences do not involve any competition law violations

In the IGSAŞ decision, the undertaking also argued that no obstruction took place since (i) there was no competition law violation in the deleted conversations and (ii) the correspondences involved issues clearly not related to competition law such as condolence messages, announcement regarding new hires, etc. The Board did not give credit to this defense.

Therefore, undertakings undergoing a dawn raid should ensure that their employees are aware that any deletion of e-mails, WhatsApp messages or similar content may be regarded as an obstruction regardless of the nature of the deleted materials.

Conclusion

On-site inspections have a paramount significance in uncovering competition law infringements. To ensure that the authorities gain all they can from these inspections, legislators (i) oblige investigated undertakings to assist and refrain from obstructing / complicating an inspection, and (ii) penalize the undertakings that violate this obligation. On the other hand, the review of digital data is growing to become one of the cornerstone of on-site inspections. As day-to-day communication shifts from calls and e-mails to instant messages, the Authority’s interest in this medium has been increasing steadily and is expected to continue to do so. Through the obstruction decisions discussed above, the Board has once again sent a clear signal that it will show zero tolerance regarding any irregularities in its on-site inspections and particularly the deletion of e-mail or instant messages. The Board’s approach in this regard also mirrors that of certain foreign competition watchdogs who have also fined undertakings for employees’ deletion of WhatsApp messages.1

Given this trend, companies should ensure that employees are fully aware of the need to avoid any deletion of data during on-site inspections. Furthermore, with its Guidelines, the Authority clarified that it will examine mobile devices that contain work messages. Thus, all investigated undertakings must ensure that their employees comply with this enforcement trend and show the same sensitivity regarding deletion of instant messages on their mobile phones.

Finally, the abovementioned cases show that the hybrid work schemes adopted due to Covid-19 precautions may present additional challenges. To avoid any pitfalls due to this, companies should be well-prepared in advance so that the employees in the office can effectively assist the case handlers and crucial staff (such as IT support) are in a position to arrive quickly on the scene. The companies should also ensure that they communicate accurately with the Authority case handlers regarding who is and who is not at the office premises.

For instance, the Netherlands Authority for Consumers and Markets (ACM) fined an undertaking EUR 1.84 million due to an obstruction by way of deleting certain WhatsApp messages and leaving certain WhatsApp groups during the inspection. .