The European Commission has published on its website an updated version of its explanatory note on how it conducts dawn raids where it suspects that a company has breached antitrust law. The revised note goes into more detail concerning the IT aspects of a European Commission dawn raid.
- The European Commission's note provides some additional clarity on its approach to the important role that IT searches play in dawn raids.
- Antitrust authorities around the world increasingly focus their dawn raids on IT search.
- In many jurisdictions, inspectors can review and copy data from a wide IT environment, including cloud services and private mobile phones that are used for professional purposes.
- IT staff are at the forefront of any dawn raid. Businesses should ensure that they are fully integrated in dawn raid defence procedures, and are adequately trained.
How has the European Commission's note been amended?
The following key revisions have been made to the European Commission's note, which provide some additional clarity to its approach.
- Private devices
The note explains that inspectors may search "private devices and media that are used for professional reasons (Bring Your Own Device - BYOD) when they are found on the premises."
- Cloud services added as an example of the IT environment which may be searched
The note expands the list of items within the IT environment that may be searched by officials. Cloud services, servers, external hard disks, and back-up tapes are now added as examples in addition to laptops, desktops, tablets, mobile phones, CD-ROM, DVD, and USB-keys.
- Evidence selection process
The note explains that evidence may be collected in its "technical entirety". For example, if only one attachment to an email is selected, then the final export will consist of the cover email, along with all the attachments that belong to that particular message. In the course of final processing into the case file at the European Commission's premises, each evidence item may be taken apart into its individual components (e.g. cover email, attachments and/or other embedded data items), and these may then be listed individually and accordingly receive individual reference numbers.
- Personal data
The note emphasises that personal data is not the target of antitrust inspections conducted by the European Commission, as the EU antitrust rules apply only to undertakings. However, it notes that "personal data of individual staff members of undertakings (such as their names, telephone numbers, email addresses) may… be contained in business documents/data related to such investigations and may therefore be copied or obtained during an inspection and may become part of the Commission file." It states that all personal data will only be used for the purpose for which they were collected and will be processed in accordance with the EU data protection rules.
- Final data collected
The note adds that, as regards the final data selected by the inspectors during the dawn raid (or following a continued inspection) which are added to the European Commission's case file, the company will receive a data carrier (e.g. a DVD) on which all these data are stored. The company will be requested to sign the printed list(s) of data items selected. Two identical copies of these data stored on data carriers will be taken away by the inspectors.
- Continuation of the raid at the European Commission’s premises
The European Commission has expanded its explanation of how data will be handled if the officials run out of time for selecting documents on-site. The data still to be searched will be placed in a sealed envelope and the European Commission will invite the company to be present when the sealed envelope is opened and the documents are inspected. Alternatively, the European Commission may decide to return the sealed envelope without opening it. A third option will be for the European Commission to ask the company to keep the sealed envelope in a safe place to allow the European Commission to continue the search process at the company premises at a further announced visit.
Experience in other jurisdictions – a few examples
Most antitrust authorities around the world now have extensive IT search powers, which are similar to those of the European Commission. As antitrust authorities are becoming more sophisticated in their approach, dealing with IT searches has become an increasingly important part of any dawn raid. However, there are some differences in approach that businesses need to be aware of. For example, certain authorities have "search and sift" powers, enabling them, if they so choose, to take a copy of all the digital data to which they have access from the location of the investigation, and then search this data copy at the premises of the competition authority for relevant evidence.
In the United States, investigators are required to obtain a search warrant before conducting a search. They are then permitted to seize any items that fall within the scope of the search warrant. In antitrust cases, there is typically an attachment to the search warrant that relates directly to the scope of the IT search, specifying the items to be seized and protocol to be followed in seizing these items. Investigators are typically permitted not only to copy digital data, but, if necessary, also to seize the hardware itself. While most search warrants require that investigators try to copy data wherever possible, in almost every case at least some hardware is seized. All seized materials are logged, removed from the corporate premises, and reviewed by the investigators at their offices. Additionally, in the United States, investigators continue the search until it is completed; investigators are permitted to stay at the search site until their work is complete, regardless of the hour. They cannot run out of time.
A similar situation exists in China where antitrust regulators may be tempted to use sophisticated (if necessary, third party) software to search company computers and servers.
IT search is similarly intrusive in Mexico. The Mexican competition authorities (Cofece and Ifetel) have the power, without the need for a judicial warrant, to copy any information stored on any electronic and storage devices that may contain "evidence of the execution of acts or events related to the investigation procedure." Although dawn raids can last up to two months (and when justified for another two), inspections usually last a maximum of two days with the inspectors taking a copy of digital evidence, and then reviewing for relevance later at the authority's premises.
In the UK, IT experts will generally assist with the search of computer and IT records, and in civil cases the investigating authorities have similar powers to those of the European Commission. However, in both civil and criminal cases, and where the inspectors have a UK Court Warrant, if it is not practicable for inspectors to determine whether documents are relevant (or separate relevant material from irrelevant material) whilst on the premises, in certain circumstances they can remove those documents in order to determine away from the premises whether they are relevant and/or remove irrelevant material.
In France, where the inspectors find an email that they consider to be potentially relevant for the investigation, they collect a copy of the entire mailbox (subject to the deletion of legally privileged documents).
In Japan, inspectors often search emails and computers of employees. There is no concept of "privilege" and there is basically no restriction on the scope of such searches.
Given the increasingly aggressive use of IT search techniques in dawn raids by antitrust authorities globally, we suggest that businesses consider the following points for their dawn raid defence procedures:
- IT staff should promptly comply with the instructions of the investigators upon arrival, which may include explaining the IT environment, blocking access to in-boxes, removing and re-installing hard drives, and providing "administrator access rights" support. Failure to deal adequately with these requests could lead to fines (company and individual) and, in certain jurisdictions, criminal sanctions.
- Many authorities will want to review and copy data from private devices that are used for professional purposes. Ensure that you have in place the appropriate procedures to deal with these requests. Be aware that inspectors are usually empowered to take these devices away temporarily (until the end of the on-site inspection) from the personal owners for copying purposes.
- In most jurisdictions, the inspectors have the power to copy all servers and databases that are accessible from the premises being investigated. As part of drawing up dawn raid defence procedures, IT staff should consider and test what parts of the IT infrastructure can be accessed on-site, and what aspects of the infrastructure require third party support (e.g. with respect to a cloud service). Appropriate service level agreements may need to be entered into with third parties to ensure that the appropriate IT access can be made available in the event of a dawn raid.
- In most jurisdictions (with the notable exception of China and Japan), inspectors are prevented from reviewing and copying legally privileged documents. You should agree with the inspectors a process for protecting these documents, such as by providing the inspectors with a list of lawyers so that their searches will automatically not pick up on communications with these individuals. If documents are being sifted for relevance on-site by the inspectors, a process should be agreed whereby the company is given adequate time to review documents for relevance to check that only relevant documents are taken away by the inspectors.
- Inspectors are applying increasingly sophisticated search software to uncover relevant evidence through keyword search. Try to find out what key search terms are being used, so you can analyse more precisely (beyond what is set out in any entry paperwork) what the suspicions of the authority are.
- Ensure that you have a senior IT specialist as part of your dawn raid defence team.
- Introduce a training programme for all relevant staff, including IT, security, receptionists and in-house lawyers, to ensure that the IT aspects of dawn raids are fully understood.