October 2020 saw important developments with respect to the procedural framework surrounding the Commission’s evidence-gathering powers. A General Court judgment on the appropriateness of dawn raids at three French supermarket chains and the Court’s interim order regarding the Commission’s ongoing probe into Facebook’s data practices both have practical implications for companies under investigation.

French Supermarkets Obtain The Partial Annulment Of EU Dawn Raids In A Judgment That Nonetheless Confirms The Commission’s Investigatory Powers

In 2017, the Commission raided three French supermarkets—Casino, Intermarché, and Les Mousquetaires—over suspected infringement of Article 101 TFEU. The three supermarkets each appealed the inspection decisions and presented three broad categories of arguments:[1] First, all three unsuccessfully argued that the Commission’s investigatory powers breached their rights to effective remedies and their rights of defense. Second, Les Mousquetaires challenged the Commission’s seizure of data relating to employees’ private lives and the refusal to delete such data. While accepting the existence of rights attached to private data, the General Court held the challenge itself was inadmissible. Third, all three appellants claimed that the dawn raids were not based on sufficient evidence—a claim the General Court partially upheld.

Pleas of illegality. All three supermarkets claimed the application of Article 20(1) (concerning the Commission’s power to carry out inspections) and Article 20(4) (concerning undertakings’ obligations to comply with decision-ordered inspections) of Regulation No. 1/2003 breached their right to an effective remedy. The supermarkets reasoned that their ability to appeal an inspection was uncertain, unavailable within a reasonable timeframe, and in breach of the principle of equality of arms and the right of defense as they could not access the evidence available to the Commission. The General Court rejected these claims.

First, the General Court recalled that the right to an effective remedy requires it to be effective, efficient, certain, and provided within a reasonable time. The Court held that these criteria were met by the six different routes to remedy available to companies that had been subjected to a dawn raid, i.e. the ability to: (i) appeal an inspection decision; (ii) appeal any decision taken by the Commission following its inspection decision (such as a refusal to grant protection over privileged materials); (iii)appeal the Commission’s final decision at the end of an investigation; (iv) bring an action for interim relief; (v) bring a tort action; and (vi) issue requests to the Hearing Officer. The Court therefore dismissed the claim that Articles 20(1) and (4) of Regulation No. 1/2003 violated the companies’ rights to an effective remedy breaching their legal rights.

Second, the General Court further explained that the administrative procedure governed by Regulation No. 1/2003 consists of investigative and adversarial stages. Dawn raids are part of the investigative stage, during which an undertaking is entitled to know the conduct it is being investigated for. A company’s right to further detail on the exact evidence available to the Commission only arises, however, during the adversarial stage of the procedure, which only starts when the Commission has issued a Statement of Objections.

Challenge of the Commission’s seizing of data relating to employees’ private lives. Les Mousquetaires also disputed the legality of the Commission seizing and refusing to delete personal data relating to employees. The General Court acknowledged that undertakings have a right to protect the private lives of their employees, similar to their right to protect privileged information. The General Court nonetheless found Les Mousquetaires’ challenge to be inadmissible. As Les Mousquetaires had failed to request the data not be seized on privacy grounds during the investigation, there was no formal Commission decision to refuse the request. Since no decision was taken and since only decisions can be appealed, Les Mousquetaires’ challenge was inadmissible. Les Mousquetaires later made a demand in writing that the Commission delete its employees’ private data, the Court found that this demand failed to identify the specific documents in question, leaving the Commission unable to respond.

The judgment places the burden on the company to make clear at the time of the inspection that they believe the documents being seized are likely to include data concerning their employees’ private lives that are covered by their right to privacy. Following the judgment a company in this situation should consider promptly following-up in writing with the Commission identifying as precisely as possible the specific documents that may fall within the scope of such a claim.

Challenge of the inspections’ legal basis. Finally, the supermarkets claimed that the Commission’s decision was arbitrary, because it was not based on sufficient evidence. The appellants challenged both the nature of the evidence relied upon and its persuasiveness.

The appellants observed that the bulk of the evidence relied upon consisted of interviews between the Commission and suppliers that were not recorded but simply summarized by Commission officials in written reports. The General Court dismissed these concerns, on the basis that evidence collected informally is not subject to the same formalistic requirements as evidence collected in the context of a formal investigation. The Commission was not under an obligation to record the interviews. The Court also dismissed the suggestion that as the reports were authored by Commission officials could be used without further evidence to suggest these were not accurate accounts of the interviews.

As for the persuasiveness of the evidence, the General Court stated that to justify an inspection, the Commission must have “serious enough evidence to suspect the existence of illegal conduct,”[2] and recalled that the evidence must be assessed as a whole. The Commission’s decision to inspect relied on two suspicions: one relating to alleged information exchanges regarding discounted products and the other pertained to information exchanges between Casino and Intermarché on their future commercial strategies. With respect to the first of the two concerns, the General Court pointed to the evidence collected in the interviews conducted by the Commission and held that these constituted serious enough evidence. But with respect to the second concern, the General Court found that it was almost entirely based on the fact that an employee of INCA (a joint venture between Intermarché and Casino) attended Intermarché’s 2016 annual convention. The General Court found that there was no evidence of any secret meeting or exchange of information at this event, and that Intermarché’s disclosure of certain information during this convention does not suffice to create the suspicion of a collusion between the two undertakings. On this basis, the General Court annulled the inspection decision in part. In practice this means the Commission can therefore continue its investigation based on the evidence collected during its 2017 dawn raids in relation to the first of these suspicions only.

General Court Mandates A Data Sharing Mechanism To Protect Private Information In Commission’s Facebook Investigation

Another noteworthy development in relation to the protection of companies’ rights of defense stems from the European Commission’s investigation into Facebook’s data practices, which began in the fall of 2019. This investigation appears to have involved a number of requests for information (“RFIs”) sent to Facebook. One RFI was appealed in July 2020, for reasons of “excessive demands.” Facebook claimed the request involved a significant volume of private and sensitive user data. Facebook sought interim measures on this basis.

On October 29, 2020, the General Court outlined in an interim order a data-sharing framework enabling the Commission to access the data requested whilst seeking to ensure that sensitive data benefits from “strong legal protections.”[3] In practice, this will involve a virtual data room that will house any sensitive documents identified by Facebook. A limited number of Commission lawyers will be able to consult this data while Facebook lawyers will monitor them. Should the two sides disagree over the sensitivity of a document, Facebook will be able to make their case to a senior EU official to adjudicate. While Facebook welcomed this development, it also announced that it would continue its main appeal against the information request.

This framework is not unlike the already common practice where the lawyers of the investigated company are able to monitor Commission officials’ access to data collected during a dawn raid to protect legal privilege and to verify that documents fall within the scope of an investigation. This judgment appears to extend this practice to Commission RFIs, where this would not previously have been general practice, it also provides companies with a clear right to make privacy- focused claims against the disclosure of specifically identified documents.

While it is difficult to determine the general applicability of the interim order at this early state, the possible long-term impact is significant. First, the order may induce the Commission to reconsider its general approach to issuing document requests. There is a broad consensus that the Commission’s requests have become increasingly onerous for companies to comply with. Separating particularly sensitive documents and limiting access to them via a virtual data room may go some way to protect the fundamental rights of the data subjects whose data is exposed. It may also act as a limiting factor on the breadth of requests for practical reasons. Second, both this judgment and the French Supermarket judgment suggests companies have a mandate to invest time and resources into determining with some precision not only which documents may enjoy legal privilege, but also which may contain information protected by their employees’ right to privacy.

[1]      Casino, Guichard-Perrachon and AMC v. Commission (Case T-249/17) EU:T:2020:458; Intermarché Casino Achats v. Commission (Case T-254/17) EU:T:2020:459; and Les Mousquetaires and ITM Entreprises v. Commission (T-255/17) EU:T:2020:460.

[2]      Casino, Guichard-Perrachon and AMC v. Commission (Case T-249/17) EU:T:2020:458, para. 97.

[3]      Facebook v. Commission (Case T-451/20), EU:T:2020:515.