6 October 2015
On 11 September 2015, the European Commission ("Commission") released an updated version of its Explanatory Note on Inspections pursuant to Article 20(4) of Council Regulation N° 1/2003 ( the "Explanatory Note”).
The Explanatory Note is handed over to businesses that are subject to an antitrust inspection by the Commission at the beginning of such an inspection. It addresses in detail a number of practical matters concerning the Commission's approach to inspections - including the obligation of the company to cooperate, the right to take legal advice and the searches the Commission can undertake (especially using IT). For some years now, the Commission has also published a previous version of the Explanatory Note on its website for general information purposes.
This new Explanatory Note does not introduce any major changes compared to the text of the previous version (which dates from 2013), but it does give a clear message that the Commission is taking stock of, and adapting to, recent changes in working habits in order to make its procedures more secure.
- Taking stock of the digitalisation of businesses
The Explanatory Note adds “servers” to the list of IT environments that the Commission's inspectors can search, while the previous version only referred to desktops. However, the Commission has in practice logged onto company servers from employees' desktops; its inspectors also frequently ask for access directly to the servers and to the relevant back-up tapes, when these are located on the inspected premises.
The situation can, however, be more complex now that servers are more frequently located off the premises - sometimes outside the EU, and potentially on the "cloud". The Commission has long claimed that its inspectors have access to any data accessible from within the company - no matter where the data is physically stored - and the Explanatory Note confirms this approach, adding the “cloud” to the storage media its inspectors can search.
Moreover, while the previous version referred specifically to “mobile phones” and “tablets”, the Explanatory Note has a broader scope, referring to “other mobile devices”.
- Integrating Bring Your Own Device (BYOD) policies
The Explanatory Note also takes into account recent changes in working habits which blur the lines between professional tools and personal devices.
The Explanatory Note now expressly provides that such devices can be searched as long as they are found on the premises and are used for professional reasons. The Note does not, however, set out how the inspectors will determine that such personal devices are “used for professional reasons”.
Moreover, it is clear that employees also enjoy a right to privacy, and there are a number of precedents and legal provisions under EU law which emphasise that the Commission must have a reasonable suspicion that professional documents are likely to be found in personal premises, bags or vehicles to extend searches.
It may be expected that potential conflicts on such issues are likely to grow with BYOD policies and the fact that company personnel are increasingly likely to work from home and/or use personal devices.
Indeed, the Explanatory Note appears to seek to deflect future challenges, by stating expressly that the personal data of individual staff members of undertakings may be copied and become part of the Commission's file.
- Announcing further development of “continued inspections”?
The Commission has also provided further detail in the Explanatory Note on the 'continued inspection' process which applies when the inspection is not in fact long enough to review all storage media selected for examination.
In such instances, the Commission may create an authentic copy on different storage media and secure that copy in a sealed envelope for further examination - either at the Commission’s premises, or if there is a new (announced) visit at the premises of the company.
The Explanatory Note now also reflects the Commission's existing practice of asking the company to keep the sealed envelope, where relevant. In such a case, the company keeps its data under control but bears a heavy responsibility for keeping it safe.
With storage media being increasingly used within companies, the recasting of the Explanatory Note to take these aspects into consideration may be an indication that there will be more cases of continued inspections in the future.
Companies should ensure that these recent practical developments are reflected within their existing dawn raid response procedures. For those companies that have not yet implemented a dawn raid response programme, the Explanatory Note will give pause for thought – it marks a further step in the ever-increasing complexity of the Commission's processes during on-site inspections, and makes even more compelling the case for ensuring that robust dawn raid response procedures are put in place - not least in view the magnitude of the fines that could inadvertently be incurred for failure to cooperate with any investigation.