In a recent article we examined the general concerns stemming from the conflict between competition authorities' need to use digital evidence and the protection of private and privileged information. We explained how a legal framework that could best reconcile these interests should be created. In this article, we focus on the situation in Turkey.
Like many competition authorities around the world, digital evidence is very important for the cartel investigations of the Turkish Competition Authority (TCA). Most of the more recent infringement findings were based on digital evidence showing anti-competitive communication between competitors. For now, the rapporteurs of the TCA examine electronic devices only within the premises of the companies being investigated during on-the-spot inspections (or dawn raids).
Unlike the European Commission and the authorities of some other member states, rapporteurs of the TCA do not take the image of the entire server in order to further examine the documents within its own premises. Moreover, the rapporteurs tend to take physical printouts of the digital documents. The images of certain documents are taken only if the size of the documents is too large and it is not feasible to take physical copies. In case of physical print-outs, the rapporteurs require the officials of the company to confirm that they are the same with the original electronic documents. When the images of certain documents are taken, the rapporteurs acquire the hash-values of these documents and require the officials of the company to confirm these hash-values. This way, the authenticity of digital evidence is ensured.
Currently, the rapporteurs of the TCA do not own any external forensic IT software (such as Nuix or Cellebrite mentioned in our previous article) or hardware to help their investigations, and they have relied on the internal search tools within electronic devices such as "Windows Live Forensics." Moreover, the rapporteurs only examine computer and no mobile device (such as mobile phones or tablets) was examined to date.
This being the case, it is known for a while that the collection of digital evidence is becoming more and more difficult as the companies' "competition law awareness" increases. Therefore, it may not be possible to extract digital evidence without the help of more advanced IT forensic tools. Furthermore, it is also a fact that the significance of mobile devices increase rapidly, and most of the communication is made over such devices, including anti-competitive communications. Therefore, TCA desires to be able to use more complicated tools (e.g. using software to take the image of the entire server and examine the documents in its own premises) and to examine electronic devices other than computers (especially mobile phones).
However, it should be noted that the Turkish Competition Law does not contain any express provision allowing the rapporteurs to examine electronic devices and collect digital evidence. Moreover, there are no procedural rules (not even quasi-legal instruments such as guidelines) with respect to chain of evidence and chain of custody. Hence the abovementioned methods developed by the TCA "instinctively" and lack any actual legal basis. Yet, since the Council of State (Appeal Court of last resort for TCA decisions) approved the legality of TCA's investigation methods in many decisions, it might be argued that the case law forms a legal basis of these methods. It should also be kept in mind that the relatively "modest" investigation methods of the TCA ensures that there is not too much tension concerning the restriction of the rights of the companies.
Still, the lack of any legal framework concerning the examination of digital evidence is actually a significant defect since the presence of a clear and transparent legal framework is mandatory to ensure that the rights of the companies would be protected from arbitrary or disproportional intervention of the TCA. Increasing the capacity of the TCA without first preparing a solid legal framework would inevitably lead to undue restriction of the right to privacy, which is a fundamental right protected by the ECHR and the Turkish Constitution. For this reason, the developments concerning the establishment of a legal framework must precede any further increase in terms of the capacity and authority of the TCA with respect to the collection of digital evidence.
The Draft Competition Law addresses some of these problems. Most importantly, the Law creates an express legal basis for TCA's authority to examine electronic devices and collect digital evidence. The Draft Law also allows the TCA rapporteurs to examine personal devices (e.g. mobile phones) of the employees. Yet it is important to remind that the examination of personal devices is a very serious restriction of individuals' right to privacy and even an express legal basis would not be sufficient to allow the rapporteurs to use that authority arbitrarily. Both the Turkish Constitution and the ECHR requires that the restriction should also be proportional. The "bring your own device" policy of the EU Commission (explained in our previous article) might be considered as a sufficient safeguard to ensure proportionality. The Draft Law does not expressly allow the TCA rapporteurs to take the images of servers and examine those in their premises. The most significant defect of the Draft Law is that it does not provide any procedures concerning chain of evidence and chain of custody. However, these may also be regulated via secondary legislation.
We conclude the article with an example showing how the lack of clear rules concerning the use of digital evidence may create significant problems.
In Turkey the companies are allowed to make leniency applications in order to be immune from the fines to be imposed by the TCA or to receive significant reductions in these fines. Most of these leniency applications inevitably include digital evidence, generally in the form of emails. In a recent case in Turkey, a company solely relied on internal email communications in its leniency application and presented this evidence to the TCA in the form of physical print-outs. As explained above, TCA rapporteurs normally ensure that physical print-outs of digital documents are authentic by requiring the written confirmation of the officials of the investigated companies. This is a reasonable application, given that the evidence is collected during a dawn raid and is to be used against a company. However, using the same approach in a leniency application is completely absurd since the party presenting the evidence would greatly benefit from that evidence and would have all the incentives to falsify such evidence. In the presence of clear procedures, TCA would probably conduct a thorough analysis in order to determine whether these documents are authentic or not (e.g. by examining the servers of the company where these documents were acquired). Yet, in the absence of any rules, the authenticity of these physical documents was taken for granted without any further examination, and they formed the basis of an infringement decision. The judicial process is still ongoing and the decision of the administrative court might significantly change the way in which digital evidence is handled in Turkish competition law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.