ACM publishes new guidelines on digital data research

20 February 2014

The Dutch competition authority, the Authority Consumer and Market (“ACM”), published new guidelines effective 12 February 2014. These guidelines are intended to regulate how the ACM retrieves and researches digital data during an investigation into a competition law infringement (e.g. during a dawn raid).

The new set of guidelines is called ACM Procedure for search in digital data 2014 (in Dutch: “ACM Werkwijze voor onderzoek in digitale gegevens 2014”). It aims to clarify the guarantees for collecting and researching data in the course of an ACM investigation. Key rules and safeguards here:

On gathering data to be investigated (Data Set I)

In using its statutory powers of investigation, e.g. in conducting a digital data investigation, the ACM must at all times respect the aim and object of the investigation. This limits the possibilities of a digital fishing expedition. However in our experience, it is necessary to supervise all investigatory acts nevertheless, in order to prevent out-of-scope search terms. Having a one-on-one supervisory presence seems particularly important during dawn raids.

The ACM is obliged to submit the aim and object of the digital data investigation before it starts its procedure. The ACM is also obliged to submit the names of any person that is suspected of an infringement as well (this may include e.g. board members, supervisors, mid-level management, but also supporting staff).

After the ACM secured digital data, it must submit an overview, which specifies all files individually.

On assessing what falls within the scope of the investigation (Data Set II)

To ascertain if certain digital data fall within the scope of the investigation, the ACM may review the files summarily – but not longer than necessary. During this review, any interested party, in legal terms, has the right to be present.

If the ACM finds certain digital data to fall within the scope of the investigation, it must again submit an overview, which specifies all files individually. The ACM is also obliged to explain how the assessment took place.

On excluding personal or privileged data (Data Set III)

One is allowed, based the information contained in Data Set II, to file a written request to leave personal data out (the ACM is only allowed by law to look into business communication). In case this request is honoured, the information concerned will not be used during further investigation.

The ACM has published a separate set of Legal Professional Privilege Guidelines which regulate investigation into privileged information. We discussed these parallel Guidelines earlier. Suffice to note that privileged information can be excluded as well, if certain conditions are satisfied. The remaining information in effect forms a Data Set III.

On making data available to the defendant

The applicable law (article 5:49(1) of the Dutch General Administrative Code) states that the defendant, upon request, must be given the opportunity to look into the digital data gathered and make copies. This rule applies to ACM investigations as well. It must make available Data Set III* if so required, to the person suspected of violation.

Please note it is not clear from the wording of the new 2014 Guidelines if all persons suspected of a competition law infringement, e.g. in the context of a suspected cartel, would be able to review all Data Sets III* and if so, what procedure is to be followed in order to protect confidential information.

On further use of the data

Information contained in Data Set III* can in principle be re-used in other investigations or passed on to third parties (please note the new 2014 Guidelines remain silent on whose investigations this might be – the ACM’s, foreign competition authorities, other types of authorities altogether, etc.). If the ACM chooses to (allow to) re-use or pass on certain information, it must make a written record, specifying at least form which Data Set information was detracted.

Information not contained in Data Set III* cannot be re-used or passed on.

All information that does not go on to become part of the (cartel) dossier, by virtue of ACM selection, must be destroyed at the end of its investigation. Information that does become part of the (cartel) dossier is archived and subject to general archive law.

On possible remedies

As several commentators have noted during the consultation round before adoption, these new 2014 Guidelines remain silent on human rights. Moreover, they appear less detailed than their predecessor. Accordingly, much will depend on how the ACM behaves in practice.

There is no express remedy in the new 2014 Guidelines, but generally speaking, claimants may e.g. request civil courts for an injunction. An alternative, if certain conditions are satisfied, could be litigation before an administrative court.

Require more information?

Please contact Adriaan Buyserd (LinkedIn here and company website here).

Interested to find more?

Please feel free to download our eBooks and newsletters here (in Dutch)

* The new 2014 Guidelines consistently refer to Data Set II (“onderzoeksdataset”) and do not seem to distinguish between Data Set II, which still includes possible personal and privileged information, and Data Set III, which does not. It seems plausible these rules apply to Data Set III, in our preliminary view.