October 2020 – Overview of recently issued "Guidelines for the Examination of Digital Data during On-site Inspections"
The Turkish Competition Authority (the "TCA") has recently issued "Guidelines for the Examination of Digital Data during On-site Inspections (the "Guidelines"). This comes in response to a recently enacted law (no. 7246, dated 16 June 2020), which has introduced significant amendments to paragraph a) of Article 15 ("On-site Inspections") of Law No.4054 on the Protection of Competition ("Law No. 4054"). Within the framework of these changes, the TCA is now allowed to examine all manner of data and documents stored on electronic devices and information systems during on-site inspections and/or to copy such data and bring it to the TCA's premises for preservation and examination. The Guidelines set out the procedures that will apply for the assessment of digital data in compliance with Article 15 of Law No. 4054.
Under the Guidelines, during on-site inspections the relevant TCA personnel1 are authorised to examine information systems such as servers, desktops / laptops, portable devices and storage devices such as CDs, DVDs, USBs, external hard disks, backup records, and cloud services. Authorised TCA personnel are also granted access to use forensic tools that allow keyword searches in systems that belong to the undertaking.
The most striking update introduced in the Guidelines is that it allows "a quick review" of portable communication devices such as mobile phones, tablets, etc. Moreover, the Guidelines provide that whether the portable devices will be examined or not will be determined based on whether they contain information or digital data belonging to the undertaking, after a quick review. Correspondingly any portable devices (including personal devices) that are confirmed to include digital data belonging to the undertaking will be examined with forensic information tools, and the data considered to be evidence within the scope of the inspection will be separated. Any information not considered to be evidence will be permanently and irrevocably deleted.
The Guidelines state that any portable devices that are acknowledged to be used solely for personal and private purposes cannot be examined. However, the practical application of the Guidelines may make it difficult to draw the line, given that the examination of portable devices can easily amount to an infringement to the right of privacy. Another controversial aspect of the Guidelines is the term "quick-review", as what constitutes a quick review is rather vague, and it therefore may be difficult to set boundaries.
The Guidelines provide detailed information on the competence of TCA personnel authorised to examine any data belonging to the undertaking on digital platforms. The undertaking is also obliged to take necessary measures to prevent any interference with the data stored. The authorised managers of the undertaking also have an active duty to support the authorised TCA personnel regarding their requests with respect to information systems while the inspection is taking place. If it is deemed necessary under the circumstances of the case, the digital data subject to the inspection will be copied and stored.
While in general the examination must be completed at the premises of the undertaking, if it is deemed necessary the inspection can be continued at the forensic information laboratory at the TCA. In any case, the examination of digital data obtained from mobile phones must be completed at the premises of the undertaking. Digital data to be examined at the TCA will be transferred to three separate data storage devices, after the hash value of the date is calculated. Subsequently, one of the three copies will be given to the undertaking, while the other two copies will be placed in a sealed envelope and protected physically by the authorised TCA personnel. The undertaking concerned shall be invited by the TCA in writing to provide a representative at the time that the opening of the sealed envelope takes place and during the inspection, which will continue at the TCA's forensic informatics laboratory. If deemed appropriate by the TCA Board, a decision will be taken to allow the sealed envelope to be returned to the undertaking concerned without being opened.
If it is alleged by the undertaking concerned that the digital data that is to be taken as evidence within the scope of the inspection carried out either at the undertaking's premises or at the TCA is classified as confidential business information, an action shall be taken as per the Communiqué on the Regulation of the Right of Access to the File and Protection of Trade Secrets ("Communiqué No: 2010/3")
In conclusion, as per the new Guideline, the process of a digital data examination by the TCA will be as follows;
- the data within the scope of inspection of the undertaking shall be obtained physically or logically;
- the digital data obtained shall be transferred to the TCA's forensic information platform and indexed;
- the indexed digital data shall be examined by authorised TCA personnel;
- the data that is considered as evidence as a result of the inspection will be separated and a copy shall be brought to the TCA; and
- the data stored in the data storage devices used during the examination will be deleted when the inspection is completed.
The question of whether the Guidelines and the procedure that the Guidelines foresee will endure potential court proceedings that arise from privacy-related issues is yet unanswered.
1 The term "authorised personnel" refers to Turkish Competition Authority personnel that have the title of competition experts, chief competition experts, or assistant competition experts within the wording of the Guidelines.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.