The fundamental right to privacy in competition investigations – effective protection or lip service?

2018 | roadmap

Most competition authorities can raid businesses and private premises in order to obtain documents that evidence presumed infringements of competition law. They have the power to conduct "all necessary inspections", meaning that the investigation decision must be based on reasonable grounds and aimed at verifying the existence and scope of a presumed infringement based on already available information. Fishing expeditions are not allowed.1

Fundamental right to data protection in antitrust investigations –
"E-discovery" in the course of dawn raids and related problems regarding seized private data.The right to privacy, which comprises the right to data protection, is especially at risk when competition authorities examine virtually the entire IT environment of an undertaking. When sifting through hardcopy documents, a quick look at the document often allows the investigator to identify whether it is exempted from review. This does not hold true for masses of digital information seized and later examined by the authority, leading to a critical tension between "e-discovery" measures and the right to data protection.

The Volker and Markus Schecke GbR /Land Hessen2 case would suggest that the right to data protection only applies in a very restricted way to legal persons. However, the right to data protection of natural persons also can be affected, especially the "blind" confiscation of whole mailboxes, which can include private correspondence. While it has been confirmed that an ediscovery as such does not violate the right to privacy,3 such measures have to be proportionate. Confiscation of masses of electronic data which include private data is thus only admissible if (i) the confiscation itself is related to the alleged infringement and not arbitrary (eg restricted to the employees working in the field of the activity concerned); (ii) the investigated undertaking is provided with a copy as well as a report of the seized data; and (iii) the authority was not able to filter the seized data more stringently. The technological possibilities of further selection will therefore be decisive for the legality of e-discovery measures.4  Widespread and indiscriminate confiscation of IT data is prohibited. The undertaking must also have the possibility to object to the confiscation.

Effective protection?
At the EU level, an investigation decision of the European Commission ("EC") as such can be challenged before EU courts. However, if disproportionate measures infringing fundamental rights arise in the course of the inspection itself, no separate action is possible, but it constitutes a part of the review of the EC's final decision by EU courts. As the EU is not yet itself a member of the European Charter of Human Rights ("ECHR"), an application to the European Court of Human Rights ("ECoHR") against actions of the EC is not possible. In contrast, undertakings can make an application against infringements of fundamental rights through actions of Member States or their representatives to the ECoHR after having exhausted all national remedies.

Overall, in recent years the EU courts have recognised a number of fundamental rights relevant to the enforcement of competition rules, and are placing ever greater emphasis on the compatibility of competition procedures with the EU Charter of Fundamental Rights, the ECHR and the jurisprudence of the ECoHR. Still, one can question whether the possibility of reviewing the legality of dawn raids only ex post provides sufficient protection. After all, authority officials will gain knowledge from the reviewed data even if the review is subsequently found to be illegal.

The current belief, though, is that the protection measures in place against antitrust investigations of the EC strike an acceptable balance between the right to privacy and effective investigation measures. Still, several areas remain where the relationship between effective protection of the right to privacy on the one hand and effective enforcement on the other hand seems grossly unbalanced. For example, at the EU level, enforcement trends in merger control proceedings risk undermining fundamental rights. At the national level, several national regimes or enforcement practices of national authorities in Central and Eastern Europe seem at odds with the EU case law on fundamental rights, even in the area of antitrust investigations.

-----------------------
 Footnotes

ECJ, Case C583/13 P, Deutsche Bahn AG v Commission EU, paras 1836.
ECJ, Case C92/09 and C93/09, Volker and Markus Schecke GbR/Land Hessen, paras 53 and 54.
GC, Cases T135/09, Nexans, and T140/09 Prysmian; ECoHR, Cases Robathin v Austria and Vinci v France.
However, as Judge Zupancic stated in his concurring opinion in Vinci v France, it will often be hard to prove whether or not further technological selection possibilities existed. See also Seelos /Harsdorf, Veni, vidi, VI(N)CI? Der EGMR und die elektronische Datensicherung im Rahmen kartellrechtlicher Hausdurchsuchungen in Frankreich, ÖZK 2015, 149.

Further reading
The Delta Pekárny case as a leading example of ineffective protection in an Eastern European Member State?
All Schoenherr Chapters of the International Comparative Legal Guide to: Merger Control 2018