In November 2017, the District Court of The Hague held that the Netherlands Authority for Consumers and Markets (ACM) may take copies of mobile phones that also contain personal data.
The District Court’s ruling addressed the request of an undisclosed company following a dawn raid at its business premises. During the dawn raid, the ACM made digital copies of nearly all data on the mobile phones of six employees of the company concerned. The company objected and argued that the ACM exceeded its authority by copying nearly all data – including personal data – from the mobiles phones. According to the company, such a serious invasion of privacy should not be allowed in case no prior judicial authorisation has been obtained (which the ACM did not have in this case).
The Court held that ACM does not need a prior judicial authorisation to review and copy mobile phone data, as there is no legal basis for such requirement.
Subsequently, the Court ruled that it is impossible for ACM to make a selection of only relevant business-related data during the dawn raid, due to the large amount of data on the mobile phones concerned. Consequently, personal data may be copied as well. According to the Court, this is not unlawful, provided that there are sufficient safeguards in place to prevent ACM from gaining unjustified access to certain data.
Such safeguards have to be in line with the Vinci case of the European Court of Human Rights (ECHR). This means that if the company and its employees are not given the opportunity to review and challenge the seized data during the dawn raid, they have to be provided with the opportunity to effectively do so afterwards. According to the District Court, the ACM’s Guidelines on the investigation of digital data provide sufficient safeguards in this respect.