Short Reads

Walking the tightrope between data protection and EU investigations

Walking the tightrope between data protection and EU investigations

Walking the tightrope between data protection and EU investigations

04.01.2019 NL law

Two recent publications confirm that it is possible for companies to cooperate with a European Commission investigation and still comply with the data protection rules. It is also possible for the Commission to deviate from certain data protection obligations in the interest of a competition law investigation. The tightrope between data protection and Commission investigations may not be as rigid as initially feared.

However, companies should still remain vigilant when dealing with information requests during investigations.

Several EU institutions, including the European Commission's Directorate-General for Competition, voiced concerns to the European Data Protection Supervisor (EDPS) about companies claiming the General Data Protection Regulation (GDPR) prevents them from cooperating with EU investigations. In response to these concerns, the EDPS clarified that the GDPR does not prevent companies from submitting information containing personal data to EU institutions, either voluntarily or in response to a legal obligation, as long as the EU institutions act within their powers. In addition, the EDPS stated that companies do not have a legal obligation to inform people about the disclosure of their personal data to EU institutions if this data is submitted with a view to carrying out a particular inquiry within the powers of the EU institutions. In the context of EU antitrust investigations, companies can therefore still be GDPR compliant while submitting information - either voluntarily or under a legal obligation - to the European Commission that may include personal data, as long as they double-check whether:

  • the request for information falls with the scope of the Commission's investigative powers;
  • the disclosure of the information is necessary to comply with the legal obligation;
  • the requested information is provided within the framework of a particular inquiry, or
  • the information is provided in order for the Commission to carry out a particular inquiry.

Similar to the GDPR not preventing companies from cooperating with EU investigations, Regulation 2018/1725 - the EU institutions' version of the GDPR – does not prevent EU institutions from conducting investigations under certain specified conditions. In regard of antitrust investigations, this is further explained in a recent Decision which states that the Commission may restrict certain rights of data subjects if the full application of these rights would jeopardise the purpose of its investigation. For the same reason, the Commission may also restrict data subjects' rights in relation to personal data obtained from other EU institutions, Member State authorities, third countries or international organisations. When doing so, the Commission will have to record and register its reasons for restricting the data subjects' rights. The Commission will also need to assess whether these restrictions are indeed proportionate and necessary for the purpose of the Commission's investigation. The Data Protection Officer will have to be informed whenever data subjects' rights are restricted and can carry out an independent review of the application of the restrictions to check whether they are in line with the Decision.

Team

Related news

08.06.2021 NL law
De Europese Klimaatwet uitgelicht

Short Reads - Op 21 april 2021 is een voorlopig akkoord bereikt over de Europese Klimaatwet. Deze Klimaatwet kan worden gezien als de kern van de Europese Green Deal, die in december 2019 werd gepubliceerd door de Europese Commissie. Het overstijgende doel van deze instrumenten is om een klimaatneutraal Europa te bewerkstelligen in 2050. De Europese Klimaatwet zorgt ervoor dat deze klimaatneutraliteitsdoelstelling in een Europese verordening wordt vastgelegd. Dit blogbericht gaat nader in op de Europese Klimaatwet en legt uit wat dit met zich brengt.

Read more

08.06.2021 NL law
Actualiteiten milieustraftrecht: zorgelijke ontwikkelingen

Short Reads - Vrijdag 28 mei jl. hadden wij een inspirerend webinar over actualiteiten op het gebied van milieustrafrecht. Wij spraken gedurende 90 minuten onder meer over aansprakelijkheden van bestuurders, de zorgplichten, incidentenrapportages vanuit strafrechtelijk- en bestuursrechtelijk perspectief.

Read more

03.06.2021 NL law
First material judgment in Dutch damages proceedings in trucks infringement

Short Reads - In its judgment of 12 May 2021, the Amsterdam District Court ruled that it has not been established that it is definitively excluded that the trucks infringement led to damage to the claimants. However, this does not alter the fact that it must still be assessed for each claimant whether the threshold for referral to the damages assessment procedure has been met. For this to be the case, it must be plausible that a claimant may have suffered damage as a result of the unlawful actions of the truck manufacturers. The Amsterdam District Court has not yet ruled on this issue.

Read more

03.06.2021 NL law
Highest Dutch Court: ACM has not proved dominance of Dutch railway operator NS

Short Reads - A high market share is not always proof of a dominant position. The Trade and Industry Appeals Tribunal (CBb) upheld the annulment of the ACM’s fine of nearly EUR 41 million on Dutch railway operator NS for alleged abuse of dominance. According to the CBb, NS did not abuse its dominant position as the ACM failed to prove beyond reasonable doubt that NS holds a dominant position on the market for the exercise of the right to exploit the main rail network concession.

Read more