SSRN Id2355033

20th St.
Gallen International Competition Law Forum ICF
Chair: Prof. Dr. Dr. h.c. Carl Baudenbacher
April 4th and 5th 2013
ROMINA POLLEY •
Digital Evidence Gathering in Dawn Raids – a Risk for the Company’s
Rights of Defence and Fundamental Rights
www.sg-‐‑icf.ch

• The author is a partner at Cleary Gottlieb Steen & Hamilton LLP, Cologne. She would like to thank her colleague Ioannis
Thanos for his valuable contribution.
Electronic copy available at: http://ssrn.com/abstract=2355033

20th St.Gallen International Competition Law Forum ICF
A. Introduction
In an increasingly paperless business world where email has become the prevalent form of
business communication, the focus of unannounced inspections by competition authorities at
business premises (“dawn raids”) has shifted to the search for electronic evidence. Inspectors
conducting on-‐‑site inspections are usually accompanied by a team of IT experts entrusted
with the task of securing electronic evidence. Procedural issues related to digital evidence
gathering have recently been scrutinized by the General Court (“GC”) in the Deutsche Bahn,1
Nexans2 and Prysmian3 judgments. Legal aspects of digital evidence gathering will continue
to be in the spotlight since Nexans appealed against the GC judgment to the Court of Justice
of the European Union (“CJEU”).4
Searching for digital evidence poses several challenges for the European Commission
(“Commission”). To begin with, the Commission must sufficiently delimit the scope of the
investigation and carefully select the search terms to be applied in order to avoid any risk of
being accused of carrying out fishing expeditions. It must also review the data available
within the shortest possible time so as to avoid disruption to the company’s daily business.
Due to the ever increasing volume of digital data and the complexity of IT environments,
finding “smoking gun” evidence during an on-‐‑site review has become an arduous task.
Modern IT solutions, such as cloud computing, may be cost-‐‑efficient for undertakings but
they may also lead to situations where the inspectors are not technically able to access the
company’s electronic data. Thus, the Commission must, to a considerable degree, rely on the
company’s cooperation in order to be able to carry out electronic searches. Moreover, raided
companies are often asked to provide explanations with regard to the structure and
operation of their IT systems, passwords or access to password protected data and technical
assistance where needed.5

1 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v. Commission (GC, 6 September 2013).
2 Case T-‐‑135/09 Nexans France SAS and Nexans SA v Commission (GC, 14 November 2012).
3 Case T-‐‑140/09 Prysmian v Commission (GC, 14 November 2012).
4 Nexans appealed the GC judgment on January 24, 2013. See Case C-‐‑37/13 P: Appeal brought on 24.1.2013 by Nexans France
SAS, Nexans SA against the judgment of the General Court delivered on November 14, 2012 in Case T-‐‑135/09 [2013] OJ C
101/10.
5 Therefore, undertakings wishing to minimize the risk of a fine for obstruction of an on-‐‑site inspection should make sure that
their IT staff can provide access at any time to any password protected file stored on the company’s electronic data

At the same time, digital evidence gathering is like walking a tightrope for the companies
facing an inspection. The company under investigation is obligated to cooperate fully and
actively with the Commission’s inspectors for the duration of the inspection. In particular, it
must provide the Commission with “administrator access rights” support and disclose its
codes for password protected devices or files to the inspectors. It must also provide
explanations regarding the company’s IT environment and, upon request by the inspectors,
it must block individual email accounts or temporarily disconnect computers from the
network in order to preserve the integrity of the electronic data to be reviewed. Any refusal
to provide required passwords or any, even unintentional, tampering with computers or
email accounts blocked by the Commission is considered an obstruction of the inspection.
Such an obstruction can be sanctioned by a separate fine as the EPH case shows6 or be
considered an aggravating circumstance in the final calculation of the fine for the
infringement. During the inspection, the company therefore finds itself caught between its
duty to cooperate on the one hand, and its legitimate interest in exercising its rights of
defence and in protecting its confidential information on the other.
Since digital evidence gathering as part of unannounced inspections at business premises
constitutes a serious interference with a company’s fundamental right to the integrity of its
business premises, procedural and substantive safeguards against any abuse by the
inspectors are required. The importance of clear detailed rules setting out safeguards against
possible abuse or arbitrariness has been stressed by the European Court of Human Rights
(“ECtHR”) in two recent judgments7 and acknowledged by the GC in Deutsche Bahn with
reference to these ECtHR judgments.8 In the light of this, the question arises whether the
current legal framework of Article 20(2) Regulation 1/2003 and the Commission’s updated

hardware. See Guy Lougher “How can companies avoid obstruction charges arising from an on-‐‑site inspection: practical lessons from
the E.ON Energie appeal” [2011] JECLAP 235.
6 See EPH and others (Case COMP/39793) Commission decision [2012] OJ C316/8. In the Deutsche Bahn case, however, the
Commission did not impose a fine on the undertakings under inspection, although they allegedly inhibited access to
computers and email accounts for more than one day. See Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG
a.o. v Commission (GC, 6 September 2013) para 101.
7 Harju v Finland App no 56716/09 (ECtHR 15 February 2011) para 42; Heino/Finland App no 56720/09 (ECtHR 15 February
2011) para 43.
8 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013) para 66.
2

Explanatory Note on Inspections from March 18, 2013 (the “Inspection Note”)9 meet this
requirement, and whether companies subject to digital searches have access to effective
judicial review, another fundamental right to be respected.
B. The Commission’s Approach to Digital Evidence Gathering
Article 20(2) of Regulation 1/2003 is the legal basis for the Commission’s inspection powers
as regards digital evidence gathering. It states that the Commission is entitled to “examine
the books and other records related to the business, irrespective of the medium on which
they are stored [emphasis added]”; to “take or obtain in any form copies of or extracts from
such books or records”; and to “seal any business premises and books or records for the
period and to the extent necessary for the inspection”. The Inspection Note describes in more
detail the powers of the Commission’s inspectors during a dawn raid and also specifies the
Commission’s powers to search and copy electronic records.10 The Commission acts on the
assumption that its powers to inspect and copy digital evidence are identical to those
concerning paper documents.11
The Commission claims that it can basically search the entire IT environment of a company
under inspection and access any piece of electronic information available to the company,
irrespective of its physical storage location. This means that every storage medium: servers,
computer hard discs, CD-‐‑ROMs, USB sticks, laptops and mobile phones can be searched for
evidence. The Commission officials extract potential relevant files from the searched media
by creating a temporary forensic copy of part of the content of the medium on storage
equipment (external hard drives, USB sticks) that they carry with them or that is provided by
the inspected company. If required, inspectors can make a so-‐‑called forensic image of a
storage device. This means that all data contained on a storage medium together with

9 Explanatory note to an authorization to conduct an inspection in execution of a Commission decision under Article 20(4) of
Council Regulation No 1/2003, as revised on March 18, 2013, available on
http://ec.europa.eu/competition/antitrust/legislation/explanatory_note.pdf.
10 See Inspection Note, paras 9-‐‑15.
11 This is in line with the approach taken by other competition authorities; see John Temple Lang, “Legal problems of digital
evidence” [2013] Journal of Antitrust Enforcement 1.
3

unallocated space is copied. Such a process is also called “mirroring” due to the fact that a
mirror image of the content of the storage medium is created.
Data contained in the forensic copies or images will then be uploaded onto the Commission’s
computers for indexing and review. A specific forensic software tool is used for both
purposes. Indexing creates a catalogue of the temporarily copied data. Indexed data is then
reviewed on the Commission’s computers using search terms determined by the
Commission. The company under inspection should provide inspectors with a room which
can be locked and which serves as the review centre for the whole duration of the inspection.
As the underlying premise of the Commission’s digital evidence gathering process is that the
search for evidence should, as a matter of principle, take place at the company’s premises, it
is unsurprising that inspections can last two to three days on average.12 The review room
should be sealed when the Commission’s inspectors are absent. The Commission takes the
inviolability of such seals very seriously as its decisional practice demonstrates.13
After indexing, data responding to the search terms will be reviewed by the Commission’s
officials in the presence of the company’s representatives. It is up to the Commission’s
officials to determine whether a document is relevant. All relevant documents will then be
copied onto an external storage medium (DVD, USB stick or hard disk) together with a list
containing the name, the path and a hyperlink to each document.14 The company inspected
will receive a copy of the device containing the evidence found and an indexed list. In this
way, the Commission is moving away from the previous practice of providing the company
with paper copies of the electronic evidence found.15
Once the inspection has finished, the Commission’s inspectors delete all data that was
temporarily stored on devices belonging to the Commission (the so-‐‑called “sanitization”

12 See for example the duration of the three on-‐‑site inspections at Deutsche Bahn premises in the course of an investigation
into an alleged abuse on the market for electricity for trains on the German railway network: Joined Cases T-‐‑289/11, T-‐‑
290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013) paras 6, 11, 16, 18, 23 and 25.
13 Electricity producer E.ON and Suez Environnement, a water and waste management services provider, have been fined € 38
million and € 8 million respectively for damaging the Commission’s seals. See E.ON Energie AG (Case COMP/B-‐‑1/39.326)
[2008] OJ C 240/6 and Suez Environnement breach of seal (Case COMP/39.796) [2011] OJ C 251/4.
14 Dirk Van Erps “Digital evidence gathering: An up-‐‑date – the EC practice” [2013] Concurrences 214.
15 Ibid 214.
4

process). If storage media provided by the company are used, they will be returned to the
company without their content being wiped.16
A special procedure is provided for in case the review of the secured and potentially relevant
data cannot be completed at the company’s premises. The Commission calls it the “sealed
envelope” or “continued inspection” procedure and considers it to be an exception to the
rule.17 However, the Inspection Note makes no mention of the procedure to be followed
during the review. The sealed envelope procedure consists of a mirror image of the storage
medium which has not yet been searched being put in an envelope which is then sealed and
taken to the Commission’s premises for further review. The company concerned receives a
copy of the hardware with the mirror image and the Commission undertakes either to return
the sealed envelope to the company or to invite the company to attend the opening of the
sealed envelope and assist in the review process.18
C. Legal Issues Arising from the Commission’s Approach to Digital Evidence Gathering
The Commission’s approach to digital evidence gathering during dawn raids raises a
number of legal questions as to its compatibility with the companies’ rights of defence in
cartel proceedings and its fundamental right to privacy (Article 7 of the Charter of
Fundamental Rights of the European Union – “the Charter”) as well as procedural issues
related to effective judicial review (Article 47 of the Charter).
Whilst the Commission, on the basis of the “access approach”, claims to have the right to
access all electronic data that the company can itself access from its premises, some doubts
concerning the legality of the access approach with regard to non-‐‑EU countries remains in
the absence of a court precedent on the question, especially in view of public international

16 Inspection Note, para 13.
17 Dirk Van Erps “Digital evidence gathering: An up-‐‑date – the EC practice” [2013] Concurrences 214. This is not, however, the
case with regard to other competition authorities, such as the German Federal Cartel Office (“Bundeskartellamt” -‐‑ “FCO”),
which generally examines digital data collected during a dawn raid at its premises in Bonn. Similarly, the Dutch
competition authority (“Nederlandse Mededingingsautoriteit” – “NMa”) analyzes at its premises digital information, with
respect to which it could not be decided during the on-‐‑site review whether it falls within or outside the scope of the
investigation (see Article 6 of the “Werkwijze NMa analog en digital rechercheren”, available in Dutch at
http://www.nma.nl/images/Externe_digitale_werkwijze22-‐‑156144.pdf).
18 Inspection Note, para 14.
5

law considerations. It is also questionable whether the Commission is allowed to temporarily
copy electronic data en masse for the purpose of indexing and reviewing it with the help of
search terms and extracting potential evidence, even if it sanitizes the hardware used at the
end of the inspection. It is evident that the temporary copying of large amounts of data
means that the Commission risks copying and reviewing data not covered by the scope of
the inspection’s mandate. It is doubtful whether mirroring on-‐‑site and the sealed envelope
procedure, where data is reviewed at the Commission’s premises following the on-‐‑site
inspection, is in line with the GC’s recent pronouncements in Deutsche Bahn,19 Nexans20 and
Prysmian21 regarding the precise requirements on the scope of the inspection mandate so that
the inspection is not tantamount to a fishing expedition.
Concerns about the legitimacy of temporary copying are aggravated by the fact that search
terms are not communicated to the company by the inspectors, neither before nor after the
inspection. This means that the company is not able to verify how the review is conducted. A
particular issue arises with regard to the temporary copying of documents protected by legal
privilege and documents of a private nature, which the Commission is not supposed to look
at.
Finally, it is doubtful whether the judicial review currently granted at the EU level with
respect to the copying of digital evidence, which only allows immediate legal review of the
inspection decision but not of the measures implementing the decision during the inspection,
meets the requirements set out under the right to an effective judicial remedy as enshrined in
Article 47 of the Charter. This approach means that irregularities in electronic searches
cannot normally be challenged by the company at the time they occur, unless the company
resists and provokes a separate fine decision, but can only be challenged together with the
final decision that finds an infringement.
This paper addresses the aforementioned issues and suggests modifications to the
Commission’s digital evidence gathering procedure in order to enhance the protection of the

19 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013).
21 Case T-‐‑140/09 Prysmian v Commission (GC, 14 November 2012).
6

fundamental rights of companies that are subject to digital searches. This is necessary
because, at present, the Commission’s procedure does not appear to comply with Article 7 of
the Charter.
1. Access Approach – or How Far Can the Commission’s Digital Arm Reach?
Before the digital revolution, the examination of a company’s records and books during a
dawn raid raised significantly fewer issues regarding the scope of the Commission’s
investigation powers. The Commission was basically entitled to review every document
located at the company’s premises that was covered by the investigation’s scope with the
exception of documents falling under the EU legal professional privilege, and of documents
of a clearly private nature that bore no relation whatsoever to the company’s business.
Article 21 Regulation 1/2003 extended the Commission’s competencies by granting it the
right, albeit under stringent legal requirements, to expand its search for documents falling
under the investigation’s scope to the private homes of a company’s executives.
However, unlike physical records which are characterized by the fact that they are located at
the place where they are found, digital data are not necessarily stored in a device located at
the place where the data are accessed. Although it is not unlikely that the servers that
constitute the backbone of a company’s IT infrastructure are situated at the company’s
premises, new IT market models, such as the client-‐‑server model and cloud computing,22
result in software and data no longer being stored locally but on hardware outside Europe,
either owned by the entity or a parent, or even a third party provider. This means that
electronic data may be stored not only outside the business premises but even in a different
country or continent and by a third party. The nexus between the place of physical
investigation and the place of physical storage of the data reviewed is no longer guaranteed.
The Commission claims that it is entitled to search all electronic data that are accessible from
the company’s premises, irrespective of the physical location of the servers where the data

22 Cloud computing is characterized by the use of a virtual, decentralized infrastructure which is accessible from anywhere.
Data storage and processing takes place in a virtual “cloud”. See Kirchner/Käseberg, “Cloud Computing im Lichte des
europäischen Wettbewerbsrechts”, in: Festschrift W. Möschel, p. 355.
7

are stored.23 A number of antitrust authorities worldwide rely on the access approach to
indirectly extend the scope of their investigation powers.24 This means that it is of no
importance to the Commission whether the electronic data is stored in an EU Member State
or in a third country, as long as the company has access to such data.
However, an explicit legal basis for the access approach cannot be found either in EU
secondary law or in the Commission’s soft law. Article 20(2) Regulation 1/2003 does not refer
to the geographic reach of the inspectors’ powers. Also, the Inspection Note remains silent
on the issue of the access approach and states merely that the Commission’s officials can
“search the IT environment and storage media (laptops, desktops, tablets, mobile phones,
CD-‐‑ROM, DVD, USB-‐‑key and so on) of the undertaking”.
A closer look at some international public law instruments, such as the Convention on
Cybercrime of the Council of Europe,25 raises doubts as to the legality of the access approach.
The Convention on Cybercrime aims to foster a common criminal policy against cybercrime
and provides under Article 19, which deals with search and seizure of stored computer data,
that each party to the Convention should adopt legislative and other measures necessary to
ensure that its authorities when searching or accessing a computer system and having reason
to believe that the data sought is stored in another computer system within the territory of
this convention party can expeditiously extend the search or access to the other system. In
case computer data are stored in a territory other than the territory of the state where the
investigating authority has its seat, pursuant to Article 32 of the Convention, access to this
data is only possible with the authorization of the state where the data is stored.
Authorization is not needed in case of publicly available data or in case the person lawfully
authorized to disclose the data voluntarily and lawfully consents to such trans-‐‑border
access.26

23 Dirk Van Erps “Digital evidence gathering: An up-‐‑date – the EC practice” [2013] Concurrences 214.
24 See Chapter 3 “Digital evidence gathering” of the “Anti-‐‑Cartel Enforcement Manual” of the International Competition
Network, March 2010, p. 23. The access approach is for example followed by the FCO. See Michael Saller “Digital Evidence
Gathering in German Cartel Investigations” [2013] ECLR 84, 85.
25 Council of Europe, Convention on Cybercrime, signed in Budapest on November 23, 2001, entered into force on January 7,
2004.
26 Article 32 of the Convention on Cybercrime.
8

It follows from the Convention on Cybercrime related to access to electronic data that an
investigating authority should only be entitled to access computer data stored on storage
media located in its territory. Such an approach is also in line with the public international
law principle of territoriality. The Commission’s inspection decision refers to the business
premises to be inspected that are located in one or several Member States. If the Commission
inspectors want to search electronic data located in a Member State not mentioned in the
inspection decision they can either do so on the basis of an access theory within the EU
which assumes that all Member States consent to digital searches in their territory on the
basis of the general territorial reach of the Commission’s powers, or they can resort to
cooperation with national competition authorities under Article 22(2) Regulation 1/2003.
However, the Commission should not be entitled to access electronic data stored outside the
EU. In such a case, the Commission must first ask for the assistance of the competent
competition authority. The consent required for trans-‐‑border access to electronic data could
be provided in advance by bilateral or multilateral treaties between the EU and other
jurisdictions. Until such a regulatory framework has been established, the Commission has
to rely on the ad hoc assistance of the competent competition authority.
In this context, it must also be taken into account that the scope of an inspection decision
does not normally cover third party service providers. The Commission is entitled to carry
out an inspection only at the premises of the undertaking as stated in the inspection decision.
The practical implication of this restriction is that unless one accepts the access theory, if
electronic data is stored at a third party, the Commission has to issue a new inspection
decision against the third party under Article 21 Regulation 1/2003 in order to be able to
perform an inspection at the premises of the third party IT provider.27
2. Legal Limitations of Keyword Searches
Keyword searches of electronic data with built-‐‑in search features of the software used by the
company or with special forensic software used by the Commission makes electronic data

27 This is the approach followed by the FCO in those rare cases where third party IT providers are not willing to cooperate.
Michael Saller “Digital Evidence Gathering in German Cartel Investigations” [2013] ECLR 84, 85.
9

review during a dawn raid more efficient and less time-‐‑consuming. However, keyword
searches may also compromise a company’s rights of defence. This is particularly the case
when search terms are too broad and used to search for evidence outside the scope of the
investigation. Point 10 of the Inspection Note refers to the Commission’s right to engage in
keyword searches with the help of its own tools or those of the company, but it does not
provide for any safeguards that the inspectors will only use search terms within the scope of
the investigation as defined in the inspection decision.
From well-‐‑established case law, it follows that the inspection mandate is required in order to
specify the subject matter of the investigation28 and to identify the sectors covered by the
alleged infringement with which the investigation is concerned with a degree of precision
sufficient to enable the undertaking inspected to limit its cooperation to its activities in the
sectors in respect of which the Commission has reasonable grounds for suspecting an
infringement.29 Moreover, the inspection mandate must mention the Commission’s
assumptions and reasonable grounds for suspecting an infringement that the Commission
would like to corroborate through the inspection.30 It should also indicate the market thought
to be affected, the nature of the suspected infringements, the degree of the company’s
involvement in the suspected conduct, the evidence sought by the Commission and the
matters to which the investigation must relate.31 These requirements which concern the
mandate’s statement of reasons should allow the company under inspection to assess the
scope of its duty to cooperate and protect its rights of defence.32 However, they also define
the limits of the Commission’s powers of investigation because they imply that the
Commission is not supposed to engage in a fishing expedition. It therefore follows that the
search terms used cannot be outside the scope of the investigation.33
The risks to the company’s rights of defence arising from the selection of overly broad search
terms by the inspectors which are not necessarily covered by the scope of the inspection

28 Joined Cases 46/87 and 227/88 Hoechst v Commission [1989] ECR 2859 paras 40-‐‑41.
29 Case T-‐‑135/09 Nexans France SAS and Nexans SA v Commission (GC, 14 November 2012) para 45.
31 Ibid paras 77, 170.
32 Ibid para 169.
33 John Temple-‐‑Lang “Legal problems of digital evidence” [2013] Journal of Antitrust Enforcement 1, 10.
10

mandate appear even more serious in view of the settled EU case law. This states that the
Commission is perfectly entitled to start new proceedings and conduct new dawn raids in
order to verify and corroborate evidence found by chance during a previous on-‐‑the-‐‑spot
inspection that indicates a violation of Article 101 or 102 TFEU.34
In the Nexans judgment, the GC found that the Commission’s right to investigate implies the
power to search for information not yet known or fully identified because without such
power it would be impossible to obtain the necessary information.35 The exercise of that
power to search for information not yet known makes it possible to examine business
records of the company even if the inspectors do not yet know whether they relate to
activities covered by that decision. This is done in order to ascertain whether that is so and to
prevent the company from hiding evidence.36
However, the GC confirmed that the Commission’s searches must be restricted to the
activities of the company relating to the sectors indicated in the inspection decision.37 It
found that if the Commission were not subject to that restriction it would be able to carry out
an inspection concerning all activities of the company on the basis of indicia related to a
particular field of activities.38 This would be incompatible with the company’s right to
privacy.
In the recent Deutsche Bahn case,39 the GC reviewed search terms used by the Commission in
the context of an inspection in order to check whether there had been a systematic search for
evidence outside the scope of the investigation. The background of the dispute was that the
inspectors had found evidence of a separate infringement in the context of the first
inspection and this triggered a second investigation. The applicant claimed that the search
terms used signalled a search for evidence outside the scope of the investigation. After a

34 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013) para 125 citing
further judgments.
36 Ibid para 63.
37 Ibid para 64.
38 Ibid para 65.
39 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013).
11

detailed review of the search terms and the circumstances of the inspection, the GC denied
this.
The GC allowed the Commission a fair amount of freedom in the way that it reviewed
electronic data and the choice of its search terms. For example, it clarified that the
Commission was entitled to conduct a thorough search for evidence on any document or in
any file, irrespective of their title, as long as there were indications that they may contain
relevant evidence.40 The GC also found that the list of search terms may evolve in the course
of the inspection and accepted that search terms that were relevant for the investigation
could not be excluded from the outset.41 The GC also allows the use of search terms whose
meaning is not known by the inspectors in order to check whether it is of relevance for the
scope of the investigation.42 It follows from the above that the GC allows the Commission a
broader choice of its search terms than just search terms clearly related to the scope of the
investigation. This is understandable because the relevance of data for the scope of the
investigation is often not clear from the outset. Application of this reasoning to digital
searches using search terms would justify the use by the Commission of keywords that were
only marginally covered by the scope of the investigation. However, key words which are
clearly out of the scope of the inspection decision, e.g., those referring to entirely different
products or markets, would still be objectionable. The outer limit seems to be the GC’s ruling
in Nexans which stated that the Commission is entitled to ask a company to submit to an
inspection only with respect to those products/markets where it has reasonable grounds to
suspect an antitrust violation.43
It is encouraging that, in the Deutsche Bahn case, the GC engaged in a detailed assessment of
the question of whether the search terms signalled an abuse of the inspectors’ powers in its
ex post legal review. It follows from the judgment that a company facing an inspection should
immediately protest formally against the review of documents outside the scope of the

40 Ibid para 139 et seq.
41 Ibid para 155 et seq.
43 Case T-‐‑135/09 Nexans France SAS and Nexans SA v Commission (GC, 14 November 2012) para 67 et seq. See also Frédéric Puel
“Nexans: Some Limitations to Inspections Carried Out by the European Commission in the Context of Investigations” [2013] JECLAP
312, 313.
12

investigation because the GC rejected a number of arguments raised by the applicant
referring to the absence of a formal protest at the time of the inspection. However, as far as
the use of excessive search terms is concerned, this is only possible if the search terms used
are disclosed to the company by the inspectors.
Even though the GC did not limit the Commission’s power to review data that was clearly
within the scope of the inspection, it exercised judicial control by checking whether the
Commission systematically looked for evidence outside the scope of the investigation. It
would therefore be required that the Inspection Note clarifies that the Commission’s
keyword search is targeted to identify all relevant evidence related to the scope of the
investigation, and that it provides for the voluntary disclosure of the search terms by the
inspectors. This would enable the company to assess whether the inspectors were engaged in
a fishing expedition.
3. Issues Arising from Temporary Copying for an On-‐‑Site Review
Point 11 of the Inspection Note gives the Commission the right to provisionally copy
electronic data, such as making a forensic copy of an entire storage medium. The Inspection
Note does not provide for any limitations in that respect, namely, that this copying is only
done for the purposes of indexing and applying search terms within the scope of the
investigation, such as, reviewing for evidence outside the scope of the investigation.
Provisional copying of electronic data inevitably means that a significant number of
documents falling outside the investigation’s scope are also copied, at least temporarily.
Since the search terms used by the Commission are neither specified in the inspection’s
mandate nor disclosed to the company, the inspectors can indirectly extend the scope of the
search by selecting broad search terms and later claim that evidence outside the scope of the
infringement was found by chance.44 As long as search terms are not disclosed to the
company inspected, it is questionable whether the practice of copying electronic data en
masse is in line with the judgment in Nexans which stated that inspections should not be

44 John Temple Lang criticizes such delegation of powers to inspectors in “Legal problems of digital evidence” [2013] Journal of
Antitrust Enforcement 1, 11.
13

“fishing expeditions”.45 It is also not clear how privileged and private documents are
exempted from even a cursory glance under this approach (see below under 5).
The problem is that search terms applied to the provisional data set are likely to lead to
many hits that bear no relevance to the subject-‐‑matter of the inspection at all. Henceforth, the
Commission will, in such a case, have at least the possibility to look at documents that it is
not entitled to look at, such as privileged documents or documents of a non-‐‑business
nature.46 One may counter that the Commission’s inspectors are also entitled to glance at
documents that are not relevant to the subject-‐‑matter of the inspection under the classic,
analogue approach of the review of documents existing physically and archived in folders in
order to identify relevant evidence. However, this does not apply to privileged documents
and it is not clear how the Commission will technically exclude the review of privileged
documents. Since the Commission insists that privilege needs to be claimed, it is also difficult
for the company to identify privileged documents in a large electronic dataset in order to
invoke privilege. A difference from paper documents also lies in the fact that a search in
electronic data may lead to a much higher number of false positives and documents that are
irrelevant to the inspection’s scope. This may be in conflict with the principle of
proportionality.47 Therefore, due to the sheer size of the electronic file, it will not be practical
for the company to check whether evidence copied is within the scope of the investigation
during the inspection and whether the review takes place without abuse. This conflicts with
the GC’s requirement to protest formally against any irregularity during the inspection.
Of course, it could be argued by the Commission that keyword searches of provisionally
copied data merely constitute a pre-‐‑selection method with no actual effect on the final
selection of documents that could be used as evidence. Following this approach, the hits
produced by the keyword search must then be reviewed, at least theoretically, one by one
and the company inspected should be entitled to raise its objections with respect to

46 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013) para 80. In
general, there has to be a relationship between the documents required by the Commission during an inspection and the
alleged infringement. Case T-‐‑39/90 NV Samenwerkende Elektriciteits-‐‑Produktiebedrijven v Commission [1991] ECR II-‐‑1497,
para 25.
47 John Temple Lang “Legal problems of digital evidence” [2013] Journal of Antitrust Enforcement 1, 11.
14

documents that either do not fall under the inspection’s scope or are privileged. However, in
view of the ever larger data loads copied by the Commission during inspections, it is, in
practice, very difficult to require a thorough review of the documents copied by the
Commission from the inspected company. Further, it is extremely difficult for the company
subject to the inspection to check whether the Commission is acting within the scope of the
inspection mandate without prior knowledge of the search terms.
Even the temporary copying of electronic data not pertaining to the investigation’s scope
interferes with the fundamental right of privacy, as enshrined in Article 7 of the Charter. This
right also applies to companies and must be respected in case of dawn raids.48 Further, it
follows from Article 52(3) of the Charter that those Charter rights that correspond to ECHR
rights have at least the same meaning and scope as their ECHR equivalents. This means that
ECtHR case law on Article 8 ECHR must be taken into account by the EU courts.
It is well-‐‑established case law that the right of privacy is not absolute and the right of
investigation authorities to interfere with it may be more far-‐‑reaching in the case of business
premises.49 However, any interference with the right of privacy is compatible with Article 8
ECHR only when it cumulatively fulfils the three requirements laid down in paragraph 2 of
that provision. It must be: i) in accordance with the law; ii) necessary in a democratic society;
and iii) in the interests of national security, public safety or the economic well-‐‑being of the
country for the prevention of disorder or crime, for the protection of health or morals, or for
the protection of the rights and freedoms of others.
Regarding the “in accordance with the law” criterion, the ECtHR has clarified that it not only
requires a legal basis for the interference, but also that the law is adequately accessible and
foreseeable; that is, it is formulated with sufficient precision to enable the individual – if need

48 In Deutsche Bahn the GC examined thoroughly whether the fact that the inspections at the plaintiff’s business premises took
place without prior judicial authorization infringed Article 7 of the Charter/Article 8 ECHR and finally rejected this
argument: Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013)
paras 65-‐‑102.
49 Case C-‐‑94/00 Roquette Frères SA v Directeur général de la concurrence, de la consommation et de la répression des fraudes [2002]
ECR I-‐‑9011, para 29; Bernh Larsen Holding AS v Norway App no 24117/08 (ECtHR 14 March 2013) para 104; Niemietz v
Germany App no 13710/88 (ECtHR 16 December 1992) para 31.
15

be with appropriate advice – to regulate his conduct.50 Especially with regard to cases where
the executive is granted discretion, as is the case with the inspection powers of the
Commission, the ECtHR has consistently held that, “the law must indicate with sufficient
clarity the scope of any such discretion conferred on the competent authorities and the
manner of its exercise” and that discretion cannot be unlimited.51 However, Regulation
1/2003 remains silent on the scope of the Commission’s discretion with regard to digital
evidence gathering and mirroring. The rather descriptive Inspection Note, a soft law text,
clearly does not satisfy the ECtHR case law requirements as found in the Gillan and Quinton
judgment, since it confers on the Commission an unduly wide discretion without providing
for the necessary safeguards, e.g., in cases of provisional copying, to curb this discretion.52
Mirroring was at the heart of the Robathin case decided by the ECtHR.53 The ECtHR had to
assess whether the search in the office of an Austrian lawyer suspected of fraud and
embezzlement and the production of a copy of all files found on the applicant’s computer
system were compatible with Article 8 ECHR. Whilst the infringement only related to a
particular client relationship, the electronic search was extended to all electronic files in the
lawyer’s office. After finding that search and seizure of electronic data interfered with the
applicant’s right to privacy under Article 8 ECHR,54 the ECtHR went on to examine whether
the conditions for lawfulness of such interference were met, in particular, whether the
interference was “necessary in a democratic society”, i.e., proportionate to the aim. However,
the ECtHR found that the search warrant at issue had been couched in very broad terms as it
authorized the search and seizure of documents, computers and electronic data irrespective
of the scope of the investigation in a general and unlimited manner. This would be tolerable
if there were sufficient procedural safeguards against arbitrariness. However, the Austrian
court that reviewed the inspection mandate had given only very brief and rather general
reasons when authorizing the search of all electronic data and did not specify particular
reasons for rendering necessary for the investigation a search of the entirety of the

50 Bernh Larsen Holding AS v Norway App no 24117/08 (ECtHR 14 March 2013) para 123.
51 Gillan and Quinton v United Kingdom App no 4158/05 (ECtHR 12 January 2010) para 77.
52 Ibid para 79.
53 Robathin v Austria App no 30457/06 (ECtHR 3 July 2012).
54 Ibid para 39.
16

applicant’s files, taking the specific circumstances in a law office into account.55 Therefore,
the ECtHR concluded that the electronic search of all data went beyond what was necessary
in the case at issue.56 Although the Robathin case dealt with a criminal case, the same
standard should apply in cartel proceedings in the light of their quasi-‐‑criminal nature due to
the level of fines and stigma associated with cartel offences.
It follows from Robathin that mirroring, albeit not forbidden under the ECHR, is subject to a
stringent proportionality test under ECtHR case law. This is the case unless there are
particular reasons mentioned in the inspection mandate that justify the review and copying
of data outside the scope of the investigation, for example, mirroring at the beginning of the
inspection for data preservation purposes and for prevention of data manipulation. Such
interference with rights protected by Article 8 ECHR is unlikely to pass the proportionality
test.57
In the light of the above, it would therefore be required that the Commission clarifies the
limited purpose of the provisional copying of full datasets and that it discloses the search
terms to the company during the inspection in order to allow verification that the indexing
and review, with the help of search terms, is limited to the scope of the investigation.
4. Issues Arising from Mirroring for Review at the Commission’s Premises
Point 11 of the Inspection Note provides that the review of provisionally copied storage
media for relevant documents can also take place at the Commission’s premises in the
presence of a company representative. The Inspection Note does not provide any guidance
on the following: the organisation of the selection process, the disclosure of the search terms,

55 Robathin v Austria App no 30457/06 (ECtHR 3 July 2012) para 51.
56 Ibid para 52.
57 The ECtHR approach in Robathin with respect to mirroring has been endorsed by the EFTA Court in DB Schenker North
which dealt with an appeal against a decision rejecting a request for access to documents in an antitrust case. The EFTA
Court held that seizure of documents under an administrative procedure may constitute an interference with a company’s
rights pursuant to Article 8 ECHR and that there should be particular reasons to allow the search of all other data beyond
what is covered by the investigation’s scope, having regard to the specific circumstances prevailing in the company so that
seizure and examining of data does not go beyond what is necessary to achieve the legitimate aim. See Case E-‐‑14/11 DB
Schenker North a.o. v EFTA Surveillance Authority (EFTA Court, 21 December 2012) para 166. The judgment is available online
at www.eftacourt.int/cases/.
17

how the company representatives are involved in the review process and how the respect for
privileged and private documents is to be guaranteed. Neither does it state that the review of
electronic data on Commission premises will only apply under exceptional circumstances.
The Inspection Note gives examples of reasons justifying review at the Commission’s
premises, e.g., when the review is not finished in situ, or when access is not possible in situ,
but does not indicate any limitation.
The concerns identified above with regard to the provisional copying of full electronic
datasets on site for subsequent review without any limitation apply even more if the
Commission takes away electronic data en masse under the sealed envelope procedure for
further examination at its premises in Brussels. It follows from its wording that the
underlying assumption of Article 20(2) Regulation 1/2003 is that review of company records
should take place at the company’s premises. The fact that company representatives are
allowed to attend the review does not eliminate the concern because, in the absence of
disclosure of the search terms, they cannot check whether the review remains within the
limits of the scope of the investigation. Also, the size of the data files copied might make it
practically impossible to follow the different review steps.
The sealed envelope procedure (even though not in competition law proceedings) was at the
heart of the Bernh Larsen Holding AS case58 in which the ECtHR had to assess whether a
demand by Norwegian tax authorities that the applicant companies make a mirror copy of a
computer server jointly used by the applicants available for inspection at the tax office was in
accordance with Article 8 ECHR. The applicants had claimed that seizure of the mirror copy
of the server was not necessary in a democratic society and that there had not been effective
safeguards against abuse of the authorities’ powers.59 The ECtHR found that the imposition
of a duty to provide a mirror copy of the server constituted an interference with the
applicants’ “home” and “correspondence” within the meaning of Article 8 ECHR.60 It noted
that the main issue had to do with the fact that, by getting the server mirror copy, the tax

58 Bernh Larsen Holding AS v Norway App no 24117/08 (ECtHR 14 March 2013).
60 Ibid para 106.
18

authorities also seized great quantities of data with no relevance to the tax audit purpose.61 In
view of the fact that the data stored on the server was not clearly separated but instead was
in the form of “mixed” archives, the ECtHR concluded that the fact that inspectors resorted
to a full copy under the applicable legislation allowing digital searches was foreseeable, as
the authorities had to assess all data on the server in order to appraise the matter.62 The
ECtHR then found that the measure of taking a mirror copy of the server was necessary for
the purposes of performing effective tax audits.63 With regard to the proportionality
criterion, the ECtHR noted that the interference was particularly far-‐‑reaching and, therefore,
its legality depended on whether the measure was accompanied by effective safeguards
against abuse.64 The ECtHR found that the law did not confer on the tax authorities an
unfettered discretion regarding the documents they were entitled to inspect, the object of
requiring access to archives and the authorization of the taking of a mirror copy.65 Further,
the applicants had the right to complain to Norwegian courts. Thus, for the duration of the
proceedings the mirror copy was put into a sealed envelope which was opened only after the
Norwegian Supreme Court had affirmed the legality of the tax authority request. The
applicants were invited to attend the opening and the review of the mirror copy.66 Finally,
after completion of the review all data was wiped.67 In view of all these facts and despite the
absence of a prior judicial review of the “seizure” authorization of the mirror copy, the
ECtHR concluded that there were effective and adequate safeguards against abuse and that
the measure was therefore proportionate.68
However, two dissenting ECtHR judges argued that the national law did not precisely define
the conditions for requesting a mirror copy and that, therefore, there were no adequate
safeguards within the meaning of Article 8 ECHR. In their opinion, the review should have
taken place on the spot and not at the tax authority’s premises. Further, in the absence of any

61 Ibid para 129.
62 Ibid para 133.
63 Ibid para 161.
64 Ibid para 163.
65 Ibid para 164.
66 Ibid paras 165-‐‑169.
67 Ibid para 171.
19

suspicion of fraud, the removal of the mirror copy was, in their view, disproportionate.
According to the dissenting judges, the interest of the tax authorities in a convenient review
had been given disproportionate weight with respect to the interests of the parties affected.
It is doubtful whether the Commission’s sealed envelope procedure is explained with
enough clarity in the Inspection Note to allow a finding that sufficient safeguards apply
against the abuse of power by the authority. First, it does not clarify the circumstances under
which the Commission will resort to it even though it follows from the Robathin precedent
that a full search is only allowed under exceptional circumstances. It only mentions the right
of a company representative to be present but does not provide any further explanation of
the process, e.g., the writing of a report, the return of irrelevant material or the handling of
privileged documents. Even more importantly, under the current EU system there is no
separate judicial review available (see below D.). However, the availability of immediate
judicial review was a key consideration in Bernh Larsen and Robathin. In the Bernh Larsen case,
the sealed envelope was not opened until after the national court’s judgment.
Therefore, unless a clear process is identified in the Inspection Note detailing how the actual
review of significant amounts of data is supposed to take place, and in the absence of a
judicial review of measures implementing an inspection decision, the risk remains that the
company’s right to privacy is violated.
5. Privileged Documents – Are There Effective Safeguards Against Disclosure During
Searches for Digital Evidence?
Protection of documents falling under legal privilege during the electronic search of evidence
in dawn raids is another important issue which is neither addressed in the Inspection Note
nor in the Commission’s antitrust manual of procedure.69 Legal privilege is a fundamental
right and part of the company’s rights of defence that must be respected, both in the
preliminary investigation and during the main proceedings. It is settled CJEU case law that
legal privilege protects the confidentiality of communication, irrespective of the means of

69 Available at http://ec.europa.eu/competition/antitrust/antitrust_manproc_3_2012_en.pdf.
20

communication, between an independent outside counsel and the client, and that it covers
communications made for the purpose of and in the interests of the client’s rights of
defence.70 The Commission is not allowed to take even a cursory glance at documents
claimed to fall under the legal privilege if the company refuses it.71 Should a dispute arise
between the Commission’s inspectors and the company about the privileged nature of a
document, the Commission is obliged to put the contested document in a sealed envelope
and try to solve the dispute at a later stage with the help of the hearing officer. Should this
attempt fail, the Commission must issue a decision rejecting the company’s claim for
protection under legal privilege, which the company can challenge before the GC.72
This case law of the EU courts has led to companies and lawyers marking privileged
documents explicitly as such, in order to prevent potential disclosure during dawn raids. In
the course of paging through physical documents it is easier for the company under
inspection to call the inspectors’ attention to privileged documents and ensure respect of the
legal privilege. The picture changes in the case of sifting through electronic data with the
help of search terms since such searches can result in privileged documents being marked as
responsive to the search. As stated above with respect to documents outside the scope of the
investigation, it is the sheer number of documents found electronically that may render a one
by one control of them by the company’s legal counsel or personnel during the inspection
impossible. This increases the risk of the Commission reviewing, even unintentionally,
privileged documents, thereby undermining the company’s rights of defence.
It is, therefore, important to provide adequate safeguards against a potential compromise of
legal privilege during the gathering of electronic evidence. This can be done in two ways: by
addressing rather practical issues and by dealing with judicial protection. Firstly, it is
necessary that companies take precautionary steps to assist the Commission in the
identification of privileged documents and to prevent unintentional review of privileged

70 Case 155/79 AM&S v Commission [1982] ECR 1575, para 18 et seq; Case C-‐‑550/07 Akzo Nobel Chemicals and Akcros Chemicals v
Commission [2010] ECR I-‐‑8301, para 41.
71 Joined Cases T-‐‑125/03 and T-‐‑253/03 Akzo Nobel Chemicals and Akcros Chemicals v Commission [2007] ECR II-‐‑3523, para 82.
72 See Commission notice on best practices for the conduct of proceedings concerning Articles 101 and 102 TFEU, [2011] OJ C
308/6.
21

documents by the Commission inspectors. For this purpose, they may keep privileged
documents separate, e.g., in special electronic folders that are labelled as containing
privileged documents. Companies may also voluntarily provide the Commission inspectors
with a list of search terms which may render a document potentially privileged. They may
then request the inspectors to run these search terms against the set of data indexed by the
Commission and separate the hits for pre-‐‑review by the company’s counsel. However, it is
not clear whether the Commission would accept such a practice.
Further, an enhanced level of judicial review of inspections is required (see also below D) so
that potential infringements of rights of defence by acts implementing an inspection decision
can be addressed earlier, rather than together with the final fining decision. The possibility of
a standalone action has already been confirmed by the European courts with respect to
privileged documents.73 The picture changes, however, when the company under inspection
cannot identify specific privileged documents that have been copied but, nonetheless, wants
to challenge en masse copying of electronic files because of the risk that privileged documents
will be reviewed.
In the Inspection Note, the Commission should define how it intends to deal with privileged
documents in the context of its temporary copying of large electronic files and the sealed
envelope procedure.
D. Judicial Review of Digital Evidence Gathering as Acts Implementing the Inspection
Decision
In the light of the lack of clarity with regard to the Commission’s approach to digital
evidence gathering and the absence of procedural safeguards in Regulation 1/2003 and the
Inspection Note, the question arises whether these deficiencies are compensated by effective
legal review by the European courts.

73 Joined Cases T-‐‑125/03 and T-‐‑253/03 Akzo Nobel Chemicals and Akcros Chemicals v Commission [2007] ECR II-‐‑3523, para 48.
22

1. EU Case Law
In Nexans,74 an electric cable producer that had been raided by the Commission for suspected
participation in a cartel challenged the legality of a decision taken by the Commission during
the inspection to copy in its entirety the content of certain computer files in order to examine
these files later at the Commission’s premises. This means that the applicant asked for
judicial review of the sealed envelope procedure now explained in the Inspection Note at the
GC.
It should be recalled at this point that, according to settled EU case law, acts against which
an action for annulment may be brought under Article 263 TFEU are those which produce
binding legal effects capable of affecting the applicant’s interests by bringing about a distinct
change in his legal position.75 Further, case law of the EU courts recognizes that:
[A]cts adopted in the course of the preparatory procedure which were themselves the
culmination of a special procedure distinct from that intended to permit the Commission to
take a decision on the substance of the case and which produce binding legal effects such as to
affect the interests of an applicant, by bringing about a distinct change in his legal position,
also constitute challengeable measures.76
For example, this is the case when the Commission decides to review privileged documents
during an inspection and thereby deprives the company of protection offered by EU law.77
However, an intermediate measure intended to pave the way for the final decision is not a
challengeable measure.78 The GC pointed out in Nexans that the examination and copying of
documents as well as the questioning of employees formed an intrinsic part of any
inspection ordered under Article 20(4) Regulation 1/2003.79 Consequently, mirroring, in the

75 Case T-‐‑135/09 Nexans France SAS and Nexans SA v Commission (GC, 14 November 2012) para 115; Case 60/81 IBM v
Commission [1981] ECR 2639, para 9; Joined Cases T-‐‑10/92 to T-‐‑12/92 and T-‐‑15/92 Cimenteries CBR a.o. v Commission [1992]
ECR II-‐‑2667, para 28.
76 Case T-‐‑135/09 Nexans France SAS and Nexans SA v Commission (GC, 14 November 2012) para 116; Case 60/81 IBM v
Commission [1981] ECR 2639, paras 10-‐‑11.
78 Ibid para 116.
79 Ibid para 121.
23

GC’s view, constituted mere implementation and, as such, a non-‐‑actionable measure.80 Since
the applicant had not claimed privilege for specific documents at the time of the inspection,
the GC found that, as a result, the Commission did not adopt a decision withholding that
protection from the applicant which would have been subject to an appeal of its own.81
While the GC found that the contested mirroring did not constitute an actionable measure, it
concluded that there were, nonetheless, three alternative routes to legal review. The legality
of these acts could be examined in the context of an action against the final decision or an
action for annulment of a decision imposing a penalty. This scenario presupposes that the
company refuses to allow the misconduct during the inspection, thereby provoking a fining
decision by the Commission for obstruction of the inspection. The Court also mentioned the
possibility that the company might bring an action for non-‐‑contractual liability if it believes
that the implementing measure was illegal and caused it to suffer harm.82
The GC did not examine whether the ex post judicial protection available to a company
affected by an “implementing” measure concerning digital evidence gathering during an
inspection complied with the requirements for protection of the right to an effective remedy
enshrined in Article 47 of the Charter, as they emanated especially from ECtHR case law.83
2. Drawbacks of the Judicial Review of Mirroring at the EU level
All three options of judicial review available to the company, however, give rise to severe
drawbacks which justify the question as to whether the judicial review is effective. Apart
from the fact that it is unlikely that many companies will opt to intentionally aggravate the
Commission, obstruction of the inspection will not always lead to the Commission adopting
a separate, directly challengeable fining decision for obstruction of the inspection. The
Commission may well refrain from a separate fining decision and simply consider the
obstruction as an aggravating circumstance in the final calculation of the fine for the antitrust
infringement. Further, such a solution would mean that an undertaking would have to

80 Ibid para 132.
81 Ibid para 130.
83 Charter of Fundamental Rights of the European Union, [2010] OJ C 83/389.
24

breach EU law (here, the duty of cooperation during an investigation) in order to get a legal
remedy. However, it is a basic principle of EU law that a natural or legal person must not be
obliged to violate a rule in order to get effective legal protection.84
The second option available, to appeal against the “implementing measure” incidentally by
challenging the final fining decision, is also unsatisfactory. In this case, it is necessary that the
representatives of the company under inspection ask the Commission inspectors to record
any alleged irregularity during the dawn raid in the official minutes of the inspection
without opposing the inspection as such.85 However, challenging the implementing measure
together with the final case decision suffers from two main disadvantages. Firstly, judicial
review through a challenge to the final fining decision can be extremely belated. This
argument gains in importance when considering the lengthiness of cartel proceedings.86 By
the time the action for annulment of the final fining decision is heard, the momentum for
challenging measures taken during the inspection may be lost and a decision on the merits of
the case will already have been taken. Moreover, the court’s sympathy with an offender who
has suffered procedural irregularities will be limited.87
If the challenge to an implementing measure under Article 263 TFEU is difficult, bringing a
claim for damages under Article 340(2) TFEU which provides for the non-‐‑contractual liability
of the EU may be even more cumbersome. Such non-‐‑contractual liability depends on the
fulfilment of three conditions: infringement by an EU institution or by its officers of a rule of
law intended to confer rights on individuals; a sufficiently serious breach of that rule; and
the existence of a direct causal link between the breach and the damage sustained by the
injured parties.88 The main problem for the complaining undertaking would most probably

84 See Case C-‐‑432/05 Unibet v Justitiekanslern [2007] ECR I-‐‑2271, para 64.
86 Some examples: In the case of the TV and computer monitor tubes cartel (Case COMP/39.437) and of the freight forwarding
cartel (Case COMP/39.462), inspections were conducted in 2007, while the fining decisions were issued in 2012. In the case
of the banana cartel (Case COMP/39.482), inspections were carried out in 2007 and the decision was issued in late 2011. See
for more information http://ec.europa.eu/competition/cartels/cases/cases.html.
87 See in this respect Javier Ruiz Calzado/Gianni de Stefano, “Rights of defence in cartel proceedings: some ideas for manageable
improvements”, in: Constitutionalizing the EU judicial system – Essays in honour of Pernilla Lindh, p. 429.
88 See Case C-‐‑352/98P Laboratoires pharmaceutiques Bergaderm SA and Jean-‐‑Jacques Goupil v Commission [2000] ECR I-‐‑5291, paras
39-‐‑42.
25

be establishing the causation link between the Commission’s misconduct and the damage
suffered. This difficulty becomes apparent if the search terms used by the Commission’s
officials are not covered by the scope of the inspection mandate and the Commission does
not disclose, either before or after the inspection, the search term list to the undertaking
concerned. A further issue would be the quantification of the damage suffered, especially if
the Commission came to the conclusion that the undertaking inspected actually infringed EU
competition law. Finally, an action for damages does not resolve the question regarding the
use of evidence obtained as a result of the alleged irregularity.
Interim measures prohibiting the Commission from mirroring or making use of evidence
obtained through mirroring are also unrealistic because it is likely that the company will not
be able to substantiate any serious and irreparable damage as a result of the Commission’s
misconduct, even if its rights have undeniably been violated.89 In its recent Pilkington
judgment,90 which affirmed the operative part of the Order of the President of the GC in the
same case but quashed some of the grounds,91 the CJEU reiterated that a harm is not
considered irreparable merely because it arises from or consists of a violation of fundamental
rights. A party seeking interim protection has to set out and establish the likelihood of such
harm.92 In this context, it should be mentioned that purely financial damage does not usually
constitute serious and irreparable harm, since, according to the Court of Justice, it can be
recouped by means of an action for damages based on Article 340 TFEU.93 Further, as the GC
held in its order in the Pilkington case, disclosure of confidential information to the
Commission, a public authority under a duty to respect professional secrecy, cannot
obviously amount to a serious and irreparable harm.94
It becomes clear from the above that judicial review of implementing measures during an on-‐‑
site inspection such as a digital search with keywords or mirroring is particularly difficult
and is associated with great uncertainty for companies involved in antitrust proceedings.

89 John Temple Lang “Legal problems of digital evidence” [2013] Journal of Antitrust Enforcement 1, 19.
90 Case C-‐‑278/13P(R) Commission v Pilkington (CJEU 10 September 2013).
91 Case T-‐‑462/12R Pilkington Group v Commission (GC 11 March 2013).
92 Case C-‐‑278/13P(R) Commission v Pilkington (CJEU 10 September 2013).
93 Ibid para 50.
94 Case T-‐‑462/12R Pilkington Group v Commission (GC 11 March 2013) para 56.
26

This raises the question of whether this standard of review meets the requirements of the
fundamental right to an effective remedy enshrined in Article 47 of the Charter.
3. Standard of Review of Inspection Decisions Under the ECHR
Article 47 of the Charter stipulates the right to a fair trial and the right to an effective remedy
before a court for everyone whose rights and freedoms that are guaranteed by EU law are
violated. Article 47(1) of the Charter, which provides for the right to an effective remedy, is
modelled on Article 6(1) and Article 13 ECHR,95 whilst Article 47(2) of the Charter, which
lays down the right to a fair trial, corresponds to Article 6(3) ECHR.96 This means that Article
52(3) of the Charter, which provides the so called “homogeneity” clause, stipulates that
where Charter rights correspond to ECHR rights the meaning and the scope of those rights
will be the same as those laid down by the ECHR, is applicable to Article 47 of the Charter.97
In view of the fact that ECHR case law becomes at least indirectly binding at EU courts, the
ECtHR rulings in Ravon, CanalPlus, Primagaz, Robathin and Bernh Larsen Holding AS have far-‐‑
reaching implications for the standard of judicial review currently afforded at the EU level
with respect to inspection decisions in general and mirroring in particular, even though they
are only partly concerned with competition proceedings.
In Ravon, where the appellants challenged the legality of an inspection of company premises
by French tax authorities, the ECtHR held that Article 6(1) ECHR meant that every natural or
legal person affected by a search in their home/premises should be able to obtain effective
judicial review, both in facts and in law, of the legality of the decision ordering the visit and,
where necessary, of measures taken on the basis of the inspection decision. It also found that
the remedies available should allow, in the case of finding an irregularity in the decision,
either the prevention of the search from being carried out or, in case the unlawful measure

95 In case of applicability of Article 6(1) ECHR, this provision supersedes Article 13 ECHR, as it constitutes a lex specialis and
its requirements are stricter than those of Article 13 ECHR; see Ravon a.o. v France App no 18497/03 (ECtHR 21 February
2008) para 27.
96 See Explanations relating to the Charter of Fundamental Rights, [2007] OJ C 303/29.
97 The CJEU has already applied this Charter provision on the interpretation of Article 7 of the Charter, which guarantees the
right to respect for private and family life, home and communications: Case C-‐‑400/10PPU J. Mcb. v L.E. [2010] ECR I-‐‑8965,
para 53.
27

was already implemented, provide the person concerned with appropriate relief.98 It is of
particular interest in the digital search context that the ECtHR stressed in Ravon that effective
judicial review should not only be available against the decision ordering the inspection, but
also against “measures taken on the basis of the inspection decision”.99
In CanalPlus100 and Primagaz101 the ECtHR had to decide on the legality of dawn raids carried
out by the French competition authority at the premises of a media company and of an
energy provider suspected of antitrust violations. The ECtHR referred to the Ravon case law
with respect to the requirements of an effective remedy in cases of inspection decisions and
found that there had been a violation of Article 6(1) ECHR since, despite an amendment of
the relevant provisions of French law after the Ravon judgment to allow for the review of an
inspection both in facts and in law, the applicants could only challenge irregularities of the
inspection together with the final fine decision of the French competition authority.
However, such a possibility did not comply with the requirements of an “appropriate relief”
as the remedy depended both on the issuance of a fine decision and on the filing of an appeal
against it. The ECtHR clarified that “appropriate relief” also meant that an aggrieved party
had the certainty of getting effective judicial review of a contested measure within a
reasonable timeframe.102
The importance of effective legal review is supported by the ruling in Robathin, where the
ECtHR found that deficiencies in the limitation of the search warrant could be offset by
sufficient procedural safeguards.103 In that respect, it was considered important by the
ECtHR that the applicant had the opportunity to challenge the seizure in an Austrian court.
The ECtHR also looked into the manner in which the Austrian Court exercised its
supervisory function and found that it had given only general reasons to justify the full
electronic search and had not engaged in an assessment of whether particular circumstances

98 Ravon a.o. v France App no 18497/03 (ECtHR 21 February 2008) para 28.
99 Ibid para 28.
100 Société Canal Plus a.o. v France App no 29408/08 (ECtHR 21 December 2010).
101 Compagnie des gaz de pétrole Primagaz v France App no 29613/08 (ECtHR 21 December 2010).
102 Compagnie des gaz de pétrole Primagaz v France App no 29613/08 (ECtHR 21 December 2010) para 28; Société Canal Plus a.o. v
France App no 29408/08 (ECtHR 21 December 2010) para 40.
103 Robathin v Austria App no 30457/06 (ECtHR 3 July 2012) para 47.
28

justified the copying of the full database. Similarly, the ECtHR attached importance to the
availability of judicial review in Bernh Larsen.104 In that case, the sealed envelope containing
the mirror image of a data set was not opened prior to the Norwegian Supreme Court’s
decision.
The Robathin and Bernh Larsen cases suggest that a separate legal review of mirroring is
required in order to overcome the deficiencies in Article 20 Regulation 1/2003 and the
Inspection Note as far as digital evidence gathering is concerned. While both cases were not
concerned with competition law proceedings (Robathin involved criminal proceedings and
Bernh Larsen administrative tax proceedings) a high standard should apply in EU cartel
proceedings in light of their quasi-‐‑criminal nature.105 Further, despite the ECtHR’s finding in
Jussila that criminal-‐‑head guarantees may not apply in their full stringency to criminal
charges of minor weight that do not carry any significant degree of stigma.106
In Deutsche Bahn the GC found that, by referring to ECtHR case law, prior judicial review of a
Commission inspection decision by a court was not necessary because the company was
protected by sufficient safeguards in the procedure, and analysed those safeguards in
detail.107 It mentioned five categories of guarantees: the reasoning in the inspection decision;
the limitations of the Commission’s powers in the course of the inspection; the absence of
power to use force; the involvement of national bodies in the review of the inspection
decision; and the possibility of ex post legal review. It is exactly because of the absence of
sufficient procedural safeguards with regard to digital evidence gathering that a separate
judicial review of this implementing measure appears to be required.

105 Menarini Diagnostics v Italy App no 43509/08 (ECtHR 27 September 2011), para 42; Case E-‐‑15/10 Posten Norge v ESA (EFTA
Court, 18 April 2012) para 90; Case C-‐‑272/09P KME v Commission (CJEU, 8 December 2011), Opinion of AG Sharpston,
para 67; Case C-‐‑501/11P Schindler v Commission (CJEU, 18 July 2013) Opinion of AG Kokott, para 25; GC against criminal
nature Case T-‐‑138/07 Schindler v Commission [2011] ECR II-‐‑4819, para 53.
106 Jussila v Finland App no 73053/01 (ECtHR 23 November 2006) para 43.
107 Joined Cases T-‐‑289/11, T-‐‑290/11 and T-‐‑521/11 Deutsche Bahn AG a.o. v Commission (GC, 6 September 2013) para 73 referring
to Harju v Finland App no 56716/09 (ECtHR 15 February 2011) para 42; Heino/Finland App no 56720/09 (ECtHR 15 February
2011) para 43.
29

It is also doubtful whether the incidental review of measures taken during the inspection
within the course of appeal proceedings against the final fining decision that usually take
place several years after the inspection and the potential misconduct satisfy the “reasonable
time” criterion established in Primagaz108 and CanalPlus.109 It remains to be seen whether the
CJEU will take the fundamental rights aspect into account in deciding on the appeal in the
Nexans case.
E. Conclusions and Outlook
The Commission’s access theory, on the basis of which it claims to be entitled to access
electronic data located on servers outside the EU, is not beyond doubt in the light of the
public international law principle of territoriality. Since digital evidence gathering interferes
with the company’s rights of defence and fundamental right to privacy, the Commission
should be more careful in explaining its approach than in the current version of the
Inspection Note in order to ensure that there are sufficient procedural safeguards against
abuse of investigation powers by the inspectors.
The disclosure of the inspectors’ search terms to the company is necessary in order to enable
it to assess whether the review of significant amounts of provisionally copied electronic data
stays within the scope of the investigation as required by the Nexans, Prysmian and Deutsche
Bahn cases of the GC. The en masse provisional copying of data should also be subject to a
strict proportionality standard and this should be explained in the Inspection Note. The
handling of privileged documents in the context of mirroring of electronic data currently
remains unclear. The Inspection Note should also clarify that the Commission will only
resort to the sealed envelope procedure under exceptional circumstances. The process of the
sealed envelope procedure, for example, the rights of the company and its legal
representatives, should be laid out more clearly in the Inspection Note.
The current EU case law on digital evidence gathering as an implementing measure of an
inspection which is not subject to a separate judicial review should be reconsidered by the

108 Compagnie des gaz de pétrole Primagaz v France App no 29613/08 (ECtHR 21 December 2010) para 28.
109 Société Canal Plus a.o. v France App no 29408/08 (ECtHR 21 December 2010) para 40.
30

CJEU in light of the more recent ECtHR case law. Further, consideration should also be given
to the implications of the Pilkington case on the chances of success of actions for injunction
against implementing measures in dawn raids.
31

SSRN Id2355033

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

SSRN Id2355033

Загружено:

Авторское право:

Доступные форматы

20th St.

Gallen International Competition Law Forum ICF

Chair: Prof. Dr. Dr. h.c. Carl Baudenbacher

April 4th and 5th 2013

Rights of Defence and Fundamental Rights

Electronic copy available at: http://ssrn.com/abstract=2355033

conducting on-­‐‑site inspections are usually accompanied by a team of IT experts entrusted

of the European Union (“CJEU”).4

assistance where needed.5

Electronic copy available at: http://ssrn.com/abstract=2355033

to provide required passwords or any, even unintentional, tampering with computers or

email accounts blocked by the Commission is considered an obstruction of the inspection.

Since digital evidence gathering as part of unannounced inspections at business premises

Electronic copy available at: http://ssrn.com/abstract=2355033

judicial review, another fundamental right to be respected.

B. The Commission’s Approach to Digital Evidence Gathering

concerning paper documents.11

reviewed on the Commission’s computers using search terms determined by the

officials in the presence of the company’s representatives. It is up to the Commission’s

with paper copies of the electronic evidence found.15

temporarily stored on devices belonging to the Commission (the so-­‐‑called “sanitization”

company without their content being wiped.16

envelope” or “continued inspection” procedure and considers it to be an exception to the

sealed envelope and assist in the review process.18

the inspection is not tantamount to a fishing expedition.

final decision that finds an infringement.

Article 21 Regulation 1/2003 extended the Commission’s competencies by granting it the

constitute the backbone of a company’s IT infrastructure are situated at the company’s

CD-­‐‑ROM, DVD, USB-­‐‑key and so on) of the undertaking”.

be provided in advance by bilateral or multilateral treaties between the EU and other

2. Legal Limitations of Keyword Searches

the investigation as defined in the inspection decision.

infringement.29 Moreover, the inspection mandate must mention the Commission’s

prevent the company from hiding evidence.36

suspect an antitrust violation.43

investigation because the GC rejected a number of arguments raised by the applicant

are disclosed to the company by the inspectors.

3. Issues Arising from Temporary Copying for an On-­‐‑Site Review

Provisional copying of electronic data inevitably means that a significant number of

company inspected, it is questionable whether the practice of copying electronic data en

not entitled to look at, such as privileged documents or documents of a non-­‐‑business

Of course, it could be argued by the Commission that keyword searches of provisionally

inspection mandate without prior knowledge of the search terms.

the protection of the rights and freedoms of others.

but does not indicate any limitation.

practically impossible to follow the different review steps.

the measure was therefore proportionate.68

It is doubtful whether the Commission’s sealed envelope procedure is explained with

company’s right to privacy is violated.

5. Privileged Documents – Are There Effective Safeguards Against Disclosure During

Searches for Digital Evidence?

nor in the Commission’s antitrust manual of procedure.69 Legal privilege is a fundamental

legal privilege protects the confidentiality of communication, irrespective of the means of

privileged documents, thereby undermining the company’s rights of defence.

identification of privileged documents and to prevent unintentional review of privileged

not clear whether the Commission would accept such a practice.

will be reviewed.

D. Judicial Review of Digital Evidence Gathering as Acts Implementing the Inspection

legal review by the European courts.

1. EU Case Law

documents as well as the questioning of employees formed an intrinsic part of any

affected by an “implementing” measure concerning digital evidence gathering during an

argument gains in importance when considering the lengthiness of cartel proceedings.86 By

conducting on-‐‑site inspections are usually accompanied by a team of IT experts entrusted

temporarily stored on devices belonging to the Commission (the so-‐‑called “sanitization”

CD-‐‑ROM, DVD, USB-‐‑key and so on) of the undertaking”.

3. Issues Arising from Temporary Copying for an On-‐‑Site Review

not entitled to look at, such as privileged documents or documents of a non-‐‑business