Short Reads

Don't take the ACM's digital inspection guidelines too literally

Don't take the ACM's digital inspection guidelines too literally

Don't take the ACM's digital inspection guidelines too literally

04.04.2019 NL law

The Dutch Authority for Consumers and Markets' (ACM) digital inspection guidelines should be on every company's reading list. However, they should not be taken too literally; at least according to the recent ruling from the Court of Appeal in The Hague.

Even though the ACM, contrary to its own inspection guidelines, had not handed over the names of all the employees targeted for inspection, it should have been clear to the raided company that the ACM also wanted to collect and secure data from five former CEOs and CCOs. As a result, the ACM could use the data from these individuals, even though they were not explicitly mentioned, without it going against its own inspection guidelines.

The ACM's inspection guidelines provide that ACM officials should hand over the names of individuals targeted for inspection to the company subject to the dawn raid (Article 2.1(4)). Even though the ACM neglected to do this in respect of five former CEOs and CCOs, it nonetheless proceeded to collect data from these employees. The ACM claimed that it had selected the five former employees prior to the dawn raid, and that it had taken back-up tapes from the premises because the email boxes of these five individuals were no longer digitally available. Before taking these tapes, the ACM had verified with the company that the tapes did actually contain the email boxes of the five individuals.

The Court of Appeal found that the company had not sufficiently substantiated that the ACM had either taken the back-up tapes for other reasons, or simply taken them without any further explanation. It should therefore have been clear to the company that the five former CEOs and CCOs were part of the ACM's inspection. Different to the District Court's earlier ruling [see our November 2018 Newsletter], the Court of Appeal therefore ruled that the ACM had not violated its own inspection guidelines. Article 2.1(4) of the inspection guidelines aims to enable companies subject to dawn raids to determine the scope of their duty to cooperate and rights of defence. This determination is possible if it is clear to the company which individuals are targeted for data collection, even if these individuals were not explicitly mentioned before collecting their data.

Companies are therefore advised not only to read the ACM's inspection guidelines carefully, but also remain vigilant of other ways in which the ACM clarifies its inspection goals and factor these developments into their dawn raid response strategy.

 

 

This article was published in the Competition Law Newsletter of April 2019. Other articles in this newsletter:

Team

Related news

22.07.2019 NL law
HagaZiekenhuis beboet voor datalek

Short Reads - Enkele maanden geleden vierden we de eerste verjaardag van de Algemene Verordening Gegevensbescherming (AVG) met een uitgebreide beschouwing  over de belangrijkste  ontwikkelingen uit  het eerste jaar van de verordening. We concludeerden daarin onder meer dat de door sommigen voorspelde hoge bestuurlijke boetes voor overtredingen van de AVG tot dan toe  - zowel in Nederland als in de andere EU-lidstaten - grotendeels waren uitgebleven.

Read more

15.07.2019 EU law
ICO to impose record-breaking fines for inadequate security measures and data breaches

Short Reads - Though the European data protection authorities have taken their time in enforcing the GDPR, two announcements by the ICO in the UK regarding proposed fines for British Airways and Marriott demonstrate that large fines are about to start landing regularly. Both of the substantial fines are to be handed out as a result of shortcomings in handling data breaches caused by cyber-attacks.

Read more

18.07.2019 NL law
ESMA publishes report on licencing of fintech firms across europe

Short Reads - On 12 July, the European Securities and Markets Authority ("ESMA") published a report on the status of licencing regimes of FinTech firms across the European Union ("EU").  The report is based on two surveys conducted by ESMA since January 2018, which gathered evidence from EU national competent authorities ("NCAs") on the licensing regimes of FinTech firms in their respective jurisdictions.

Read more

09.07.2019 NL law
Testen van zelfrijdende auto's sinds 1 juli 2019 vergemakkelijkt

Short Reads - Op 1 juli 2019 is de Experimenteerwet zelfrijdende auto's in werking getreden (Stb. 2019, 240), Het betreft een wijziging van de Wegenverkeerswet 1994 (Wvw) waardoor het testen van zelfrijdende auto's (met besturing op afstand) makkelijker wordt. De wetswijziging vormt een belangrijke stap om belemmeringen in de huidige regelgeving weg te nemen en ruim baan te maken voor nieuwe technologische ontwikkelingen op het gebied van zelfrijdende auto's.

Read more

17.07.2019 BE law
EU Single-Use Plastics Directive is now in force: brief recap

Articles - Plastic is a significant and growing global concern. A recent study commissioned by WWF and carried out by the University of Newcastle, Australia, suggests that people are consuming around 2,000 tiny pieces of plastic every week (which is approximately 5 grams of plastic, the weight of a credit card).  In this context, the EU adopted a new directive aiming at tackling marine litter generated from 10 single-use plastic products and from abandoned fishing gear and oxo-degradable plastics. This is called the Single-Use Plastics Directive and has entered into force this month, on 2 July 2019.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring