- Introduction
“Guidelines on Examination of Digital Data in On-Site Inspection” [“the Guideline”][1] is published by the Competition Authority [“Authority”] on 09.10.2020 to identify the general principles regarding to Article 15 of the Law on the Protection of Competition numbered 4050 [“the Law”] [2] which was amended with the law numbered 7246 and dated 16.06.2020 [“the Amendment”][3].
The Amendment is related to the on-site inspections of all information and documents in companies’ physical records as well as those in electronic space and IT systems by the Authority, hence, with the Guideline, explanations that determine the principles of the process of examining data and / or taking copies of them, bringing them to the headquarter of Competition Authority and keeping them are set forth.
The power of “on-site inspection”[4] is one of the most important investigative tools used by the Authority to effectively combat confidential cartel structures and is regulated in the Article 15 of the Law. In fact, in many Competition Board decisions as given below, the importance of on-site inspection authority and the necessity of its effective use are mentioned.
“On-site inspection authority is one of the most important tools used to reveal whether the Law No. 4054 has been violated. Effective use of this power is of great importance in revealing competition violations.”[5]
On-site inspection authority caused many discussions in Turkey in terms of electronic devices prior to the Amendment on 24.06.2020. Even though it was possible to include digital data of undertakings within the scope of on-site inspection prior to the Amendment, it was only possible with the extensive interpretation of the related article and the Judicial jurisprudence established on the fact that the experts of the Authority, who have been examining the relevant undertakings for many years, can examine electronic documents and correspondence and make copies / prints on the computer systems of the relevant enterprises.
With the Amendment; subclause (a) of the first paragraph of Article 15 which states that “Examine the books, any paperwork and documents of undertakings and associations of undertakings, and take their copies if needed” has been changed as “Examine the books, all kinds of data and documents kept in physical and electronic media and information systems of undertakings and associations of undertakings, and take copies and physical samples of these”. At this point, it should be noted that, as mentioned above, electronic media examination was carried out by the Authority during on-site inspection before the Amendment, however, there were many discussions in terms of the scope, boundaries and legitimacy of the inspection, as well as many actions for annulment were also filed. Hence it can be said that, the scope of the on-site inspection authority has been further clarified with the Amendment, and the authority to examine the books, physical and electronic media and data kept in information systems and to make copies/print outs has been clarified.
The provision added with the Amendment that “the authority to examine all kinds of data and documents kept in electronic media and information systems, and to take copies and physical samples of them” is a subject that is also included in the European Union legislation, especially in the “Council Implementation Regulation No. 1/2003 in European Union Law” which has played an important role in the realization of the Amendment in terms of competition law in Turkey. As a matter of fact, the text prepared in European Law regarding the relevant article regulated with “Explanatory note on Commission inspections pursuant to Article 20(4) of Council Regulation No 1/2003”[6] which revised in 2015 is as follows and is similar to the amended 15th Article of the Law.
“10. The Inspectors may search the IT-environment (e.g. servers, desktop computers, laptops, tablets and other mobile devices) and all storage media (e.g. CD-ROMs, DVDs, USB keys, external hard disks, backup tapes, cloud services) of the undertaking. This applies also to private devices and media that are used for professional reasons (Bring Your Own Device -BYOD) when they are found on the premises. For this purpose, the Inspectors may not only use any built-in (keyword) search tool but may also make use of their own dedicated software and/or hardware (“Forensic IT tools”). These Forensic IT tools allow the Commission to copy, search and recover data whilst respecting the integrity of the undertakings’ systems and data.”
It should be noted that; although there is no doubt that the new regulation on on-site inspection authority is brought in accordance with the needs, the fact that the authority is not clearly regulated especially in terms of the Amendment raise great concerns especially for enterprises.
- Who is authorized to review digital data?
With the amended of Article 15 of regulation, the authority for on-site inspection has been given to the Board as the text of the article states “In carrying out the duties assigned to it by this Act, the Board may perform examinations at undertakings and associations of undertakings in cases it deems necessary. To this end, it is entitled to” It is the Competition Board that should be understood from the expression “board” in the article text. In this direction, no change has been made with the Amendment, as before, this authority is exercised by the Board by the officers working within the Board. As a matter of fact, while it is stated in the Guideline that on-site inspection will be carried out by the Professional Personnel; it was stated that the term “Professional Personnel” should be understood as the Chief Competition Expert, Competition Expert and Assistant Competition Expert.
- What digital data will be analysed?
As stated in Article 3 of the Guideline, the Professional Personnel is authorized to examine the information systems such as the server, desktop / laptop, portable device and storage devices such as CD, DVD, USB, external hard disk, backup records, cloud services. At this point, the tools subject to examination are not limited in number, and in line with the expression “such as”, it is understood that any digital tool can be the subject of examination.
It should especially be noted that perhaps the most discussed issue regarding the Amendment is the inclusion of personal and portable communication devices such as mobile phones and tablets within the scope of on-site inspection authority. In fact, the examination method regarding portable communication devices differs from other examination methods at this point.
First, such devices are not subject to direct examination but to “general overview” at the beginning to determine whether there is a data regarding the subject of examination. If it is determined that the examined device contains any data regarding the Undertaking, it is decided that the device will be subject to examination. Otherwise, the relevant device is not subject to examination.
Within this framework, it should be noted that making personal communication tools the subject of examination is a matter of concern in many aspects such as the protection of trade secrets, the privacy of attorney-client communication, the right to privacy, the right to the protection of personal data etc. Hence, following the publication of the Amendment, there has been an intense criticism of the Amendment in general and especially on this article from many segments including lawyers and undertakings because the meaning and boundaries of the term “general overview” in the article, whose scope is very broad and open to interpretation, is not determined and it is a very ambiguous concept to determine whether the device subject to examination contains any data regarding the Undertaking.
“As a result of a quick review to determine whether portable communication devices (mobile phones, tablets, etc.) contain digital data belonging to the enterprise, it is decided whether these devices will be examined or not.”
- How will digital data be analysed?
The subject of the on-site inspection authority is the information, documents and assets of the Undertaking suspected of violating competition. The scope of investigation, which has expanded especially in terms of digital data with the Amendment, requires special examination methods in terms of its nature. In this direction, as stated in the Guideline, the keyword search tools in the systems belonging to the enterprise or Forensic Informatics software and hardware that allow qualified searches in digital data are used by the Professional Personnel. This is because, as much information, documents and data are examined within the scope of on-site inspection, the analysed data also contain great differences in terms of type. For example, while physically recorded files, notes, reports etc. regarding the enterprise are examined, on the other hand, digital data such as e-mails, digital records, WhatsApp correspondence are analysed.
At this point, Forensic Informatics is used as a tool to analyse data. As stated in the Guideline, Forensic Informatics provides “to search digital data during the examination, to copy these data and to restore the deleted data, to preserve the originality and integrity of the data and systems of the enterprise.” Besides, the digital data to be analysed may be partially or completely copied to separate data stores by forensic methods if it is deemed necessary by the assigned Professional Personnel during the examination.
In summary, the process proceeds in the form of examining the data with forensic tools, copying the analysed digital data to data storages, indexing, and examining the copied data by the Professional Personnel. As a result of the examination, the data that are considered to be evidence within the scope of the folder are separated, while all other data that are not seen as evidence are permanently deleted. As stated in the manual, indexing is the making of digital data obtained from the undertaking by using forensic software, searchable by keywords. In this way, the inspection process is facilitated, and the inspection time is shortened. It should be noted that at the end of the examination, all data stores used during the examination are deleted in such a way that their data cannot be recovered, except for the data stores that contain digital data submitted to the undertaking and a sample of which is taken by the Professional Personnel.
The important issue regarding how to analyse digital data is the examination of portable communication devices such as phones and tablets belonging to individuals. Because the fact that the boundaries of the examination procedure expressed as “General Overview” are not clear raises the question of whether there will be a violation of property law and personal data law. As a result of the “General Overview”, portable communication devices that are determined to contain data belonging to the Enterprise will be examined again through forensic information tools, and in the same way, as a result of the examination, the data considered to be evidence within the scope of the file will be parsed and all other data that are not seen as evidence will be permanently deleted. However, we are of the opinion that there is no explanation neither in the Amendment nor in the Guideline to eliminate the concerns about whether the mentioned legal rules will be violated in this process.
- Where will digital data be analysed?
As a rule, the review should be completed on the Undertaking’s premises. In this respect, the main place of the investigation is the premises of the Undertaking. However, as mentioned above, the scope of on-site inspection is very wide, therefore, it is often not possible to complete the examination at once. In fact, this is the purpose of storing information, documents, and data with forensic tools. In this direction, if it is deemed necessary in accordance with Article 10 of the Guideline, a decision may be taken to continue the examination process in the forensic informatics laboratory within the Institution. The important point here is that the examination of the mobile phone as a portable communication tool must be completed in the enterprise campus in any case.
- How will a trade secret report be made?
As stated above, one of the source points of criticism against the law change is trade secrets. Considering that all kinds of documents, information and data belonging to the Undertakings are the subject of examination, it is very likely that the analysed and / or copied data contain trade secrets belonging to the Undertaking. At this point, as regulated in Article 11 of the Guideline, it is regulated that if the relevant undertaking claims that there is data in the nature of trade secret among the digital data, which are considered as evidence and included in the file, action will be taken under the “Communiqué on the Regulation of the Right of Entry to the File and the Protection of Trade Secrets No. 2010/3” [7] [“Communiqué No. 2010/3”]. The reason is that, with the Communiqué No. 2010/3, the procedures and principles regarding the use of the rights of the parties to the file and the determination of the trade secret characteristics of the information obtained during the implementation of the Law and the principles and procedures for the protection of the information and documents classified as trade secret are regulated.
- What is the scope of attorney client confidentiality?
One of the most criticized issues of the Guideline is that the principle of attorney-client confidentiality will be violated in line with this regulation. As a matter of fact, although, according to Article 12 of the Guideline, the correspondence between the independent lawyer and the client who does not have an employee-employer relationship will be deemed to belong to the professional relationship and the data copied during the on-site inspection will be within the scope of the lawyer-client confidentiality principle, in the continuation of the article, the provision of “correspondence on matters that are not directly related to the exercise of the right of defence, especially to assist an infringement of competition or to conceal an ongoing or future violation, cannot benefit from the said protection” has been arranged. In this direction, it will be possible to examine the data of the undertakings within the scope of lawyer-client confidentiality and to evaluate whether these data are in the mentioned subject.
However, the Institution declared many times the importance of the principle of Attorney-Client confidentiality in its decisions such as the decision dated 02.12.2015 and numbered 15-42 / 690-259 (Dow Decision), the relevant part of which is given below, which states that the basis of this principle is to ensure that the consultancy recipients present all the information they have to their lawyers without worrying that the information obtained and the correspondence will be revealed without their consent and that they can use their defence rights in a real sense. Accordingly, we are of the opinion that the last sentence of the aforementioned article of the Guidelines is worrying for undertakings, hence it is likely to violate the principle of attorney-client confidentiality.
“The principle of confidentiality of information and documents (Legal Professional Privilege) arising from the professional relationship of the lawyer with his client protects this communication by preventing the compulsory disclosure of the correspondence they make with their lawyers and the information they give them during the legal consultancy service of the enterprises or individuals. The purpose of this protection is to relieve the consultancy persons from the worry that the information obtained and the correspondence will come out without their consent, and to provide all the information they have to their lawyers and to ensure that their defence rights can be used in real terms. “[8]
- Conclusion
Although the On-Site Inspection authority is an important tool in terms of the protection of the competition law, it causes highly related results with other branches of law due to the scope of the examination. As a matter of fact, while the property right is touched by examining the information, documents and assets of the enterprises within the scope of on-site inspection, it is also related to the personal data law since the data subject to examination are the personal data of the enterprises. On the other hand, taking all kinds of data related to undertakings into the scope of investigation brings up the trade secret issue, which is one of the most discussed and criticized issues in terms of investigations. As a matter of fact, within the scope of the Communiqué No. 2010/3, the request for access to the file, which is put forward by the undertakings in order to use the right of defence effectively, is rejected many times by the Board on the grounds that the relevant data contain trade secrets.
There is a balance of interests that needs to be addressed within the scope of regulating the on-site review authority. The power of on-site investigation, which is a very important tool for the public interest to combat cartels, should be used effectively, but violating other legal principles and rights in the meantime will not be in the interests of society. Unfortunately, it is seen that the relevant Law Amendment and the Guidelines are insufficient to draw this fine distinction. At this point, we are of the opinion that it will be more beneficial for the general interest of the society if the concepts related to the power of on-the-spot examination are clearly put forward and the boundaries are clearly drawn.
[1] Competition Authority, Guidelines on Examination of Digital Data in On-Site Examinations, Date of Approval: 08.10.2020 Decision No: 20-45 / 617, https://www.rekabet.gov.tr/Dosya/kilavuzlar/yerinde-inceleme-kilavuz1-20201009091644514-pdf Access date: 16.10.2020
[2] Law No. 4054 on the Protection of Competition, https://www.resmigazete.gov.tr/arsiv/22140.pdf access date: 16.10.2020
[3] Official Gazette dated June 24, 2020 and numbered 31165, https://www.resmigazete.gov.tr/eskiler/2020/06/20200624.pdf Access date: 16.10.2020
[4] For Turkish: Yerinde İnceleme Yetkisi
[5] Competition Authority, Decision No. 18-03 / 34-21, dated 18.01.2018 (File Number: 2017-5-40), https://www.rekabet.gov.tr/Karar?kararId=adac9e63-9ea6-433e-b004-6dfca3739abe access date: 16.10.2020
[6] Explanatory note on Commission inspections pursuant to Article 20(4) of Council Regulation No 1/2003, https://ec.europa.eu/competition/antitrust/legislation/explanatory_note.pdf access date: 16.10.2020
[7] Communiqué on the Regulation of the Right to Access the File and the Protection of Trade Secrets (Notification No: 2010/3) https://www.mevzuat.gov.tr/File/GeneratePdf?mevzuatNo=13941&mevzuatTur=Teblig&mevzuatTertip=5 access date: 16.10.2020
[8] Competition Authority, Decision numbered 15-42/690-259 dated 02.12.2015 http://www.rekabet.gov.tr/Karar?kararId=4f48e79e-e03a-4427-b477-3d2fa17557ac access date: 16.10.2020