Dawn raid in the practice of Serbian Commission for Protection of Competition – Does the authority’s seize and sift approach go too far?

The decision of the Serbian Commission for Protection of Competition (“Commission“) fining two major coffee producers in Serbia, Atlantic Group and Strauss Adriatic, for concerted practice on the market for wholesale of ground coffee, offers a rare insight into the Commission’s approach to collecting evidence in electronic form during dawn raid and their subsequent examination.

Commission’s practice when collecting and reviewing electronic evidence

It follows from the decision that the authority made forensic copies of the entire mailboxes and other electronic documents from the computers and mobile phones of those employees of the parties under investigations whose roles, titles, or job descriptions, according to publicly available data, were related to coffee production and sales, creation of commercial policies and PR. The parties received the exact copy of the documents taken by the Commission. The Commission did not conduct any pre-selection review on site. Instead, it searched on its own premises the forensic copy of the downloaded content from the parties’ servers, using selected keywords related to the subject-matter of the proceedings. The parties were not allowed to be present on the Commission’s premises during the review of the copied databases and selection of relevant documents, on ground of impracticality. The Commission also stated that the parties’ presence during the review would have interfered with free evaluation of evidence. After it had reviewed the search results, it selected the documents to be placed into the file and sent their copies to the parties for their review, in advance of the issuance of the statement of objections. With respect to the remainder of the documentation the Commission said it had not been reviewed and may not be used for any other purposes.

The parties objected to non-selective downloading of the entire mailboxes during the dawn raid, which went beyond the subject-matter of the proceedings and the infringement period specified in the decision launching the investigation, and also to the review of the databases offsite without the presence of the parties involved. Atlantic Group also objected that the forensic copy contained a large amount of personal data.

The Commission dismissed the personal data objection by stating that it regarded the copied correspondence as business communication, given that the e-mail addresses are owned and controlled by the company, and the employees are presumed to use business e-mail on the basis of employment and for business purposes. However, this does not mean that e-mails sent from or received to business address do not contain personal data.

It also dismissed the more general objection regarding the unselective copying of the entire mailboxes by reiterating that the parties received an exact forensic copy of the seized documents, which means they were able to review what was taken and request exclusion of private correspondence and correspondence otherwise containing personal data, documents subject to legal privilege, documents outside the subject-matter of investigation or documents that should not be reviewed for other reasons. In case of just one party under investigation, that meant more than 400,000 e-mails and a large number of attached documents. Nevertheless, the Commission was of the opinion that even the possibility of reviewing the documents selected for the case file and objecting to their inclusion, is sufficient for due process.

The parties’ submitted that by copying the documents in bulk and reviewing them offsite and ex parte, the Commission stripped them of the right they normally have during the dawn raid, which is to contemporaneously object to the taking of evidence that goes beyond the scope of investigation. However, the Commission maintained that the review of the forensic copy on its premises does not represent a continuation of the dawn raid but a different phase of investigation in which the parties cannot expect the same level of control as during the dawn raid. According to the Commission, neither the Competition Act nor the general Administrative Procedure Act mandate the presence of the parties during the off-site examination of evidence seized during the dawn raid. The parties only have the right to object to the documents selected by the Commission for inclusion into the case file.

Comment on the Commission’s practice

The Commission’s position can be legitimately criticized.

The “seize and sift” approach exhibited by the Serbian Commission is not a standard procedure for collection of documents by the EU Commission. According to the Explanatory note on Commission inspections[1], if the selection of documents relevant for the investigation is not yet finished at the envisaged end of the on-site inspection at the undertaking’s premises, there may be legitimate reasons for the EU Commission to decide to continue, at its premises in Brussels, the inspection of the data which it has collected from the undertaking. In such case, a copy of the data set still to be searched may be collected, together with the data set already searched, to continue the inspection at a later time. This copy is secured by placing it in a sealed envelope, and the EU Commission will invite the undertaking to be present when the sealed envelope is opened and during the continued inspection process at the EU Commission’s premises. If such a continued inspection gives rise to additional costs for the inspected undertaking solely as a result of that continuation, the undertaking can even claim the reimbursement of those costs. The EU Commission may also ask the undertaking to keep the sealed envelope in a safe place to allow the EU Commission to continue the search process at the premises of the undertaking in the course of a further announced visit. Accordingly, the EU Commission gives precedence to the safeguarding of the parties’ rights over the practicalities.

Even though the Serbian Commission stated in the Atlantic/Strauss decision that it is not bound to follow EU soft law on procedural matters, and that the EU Member States apply the same approach as the Serbian Commission, the NCAs of the Member States do tend to follow the best practices used by the European Commission. According to the NCA Directive[2], “[t]o minimise the unnecessary prolongation of inspections, national administrative competition authorities should have the power to continue making searches and to select copies or extracts of books and records related to the business of the undertaking or association of undertakings being inspected at the authority’s premises or at other designated premises”. However, the same document states that “[s]uch searches should ensure the continued due respect of undertakings’ rights of defence,” implying that the parties should maintain during the continued search the same level of the right of defence as during the dawn raid.

A number of NCAs of the Member States do copy the entire servers or databases during dawn raids. However, they usually have in place additional safeguards to protect the parties’ procedural rights. In Bulgaria, for example, when the NCA copies the entire server or a computer, the company’s representatives are invited to the premises of the authority to attend the opening of the copies. They are given the opportunity to indicate privileged and personal information to be removed from the copy. The authority then reviews a second working copy created after the removal of protected data. In Slovenia, if forensic copies or extracts of the books and other documentation have been seized by the authority, the authority will request the undertaking to identify privileged communication within a period of no less than seven days, or will invite the undertaking to be present during the inspection of the books and other documentation, in which case the undertaking may lodge the objection on grounds of privileged communication. The Austrian authority seals the collected electronic data, keeps it separate from its general case file, and agrees with the company on an appropriate time limit (at least two weeks) during which the company may inspect the seized documents and indicate the objectionable ones. If the objection is justified, the authority removes objectionable documents and creates a working copy of the database from which it then removes the employee personal data and any other data that is not relevant to the investigation.

The General Administrative Procedure Act stipulates the principle of proportionality, according to which the administrative body is allowed to restrict the party’s right only if this is necessary to achieve the purpose of a legal provision and such purpose cannot be achieved by less restrictive means.

The Serbian Competition Act confers on the Commission the power to seize and retain the documentation of the party under the investigation until it is copied. At the same time, the legislation gives the party under investigation the right to be present during the inspection, unless the request for presence is aimed at delaying or obstructing the procedure. The party also has the right to request protection of confidential data and exclusion of legally privileged information. It is implied that the party also has the right to object to review and retention of the documents which are outside the scope of investigation. Off-site ex parte review of documents copied in bulk truncates the foregoing procedural rights. Copying of entire databases for off-site selection may be necessary when there is a large number of documents which cannot be reviewed at the party’s business premises within a reasonable timeframe. However, even then, the parties should be allowed to be present at the Commission’s premises when the seized evidence is unsealed and searched through on keywords basis, to control the adequacy of the chosen keywords and ensure they are sufficiently specific to fit within the subject-matter of the investigation. The documents that do not come out as a reasonable search result should be permanently deleted or returned to the parties to remove the risk of unauthorised access or subsequent fishing by the authority. Such measures would neither unreasonably prolong the duration of the proceedings, nor interfere with the Commission’s free assessment of evidence as the parties would not be present during the Commission’s review of selected documents.

 

[1]Available at: https://competition-policy.ec.europa.eu/system/files/2021-03/inspections_explanatory_note_en.pdf

[2] DIRECTIVE (EU) 2019/1 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 11 December 2018 to empower the competition authorities of the Member States to be more effective enforcers and to ensure the proper functioning of the internal market