There have been a number of recent Irish and EU developments since the seminal 2017 Supreme Court judgment in CRH plc v Competition and Consumer Protection Commission1 (the “CRH case”) dealing with the protection of rights in a search and seizure context. The recent cases seek to balance the rights of the parties being investigated with the powers of the regulators. There have also been rulings that bring clarity to some practical aspects of how these rights need to be asserted in regulatory investigations.
The Supreme Court in the CRH case found against the Competition and Consumer Protection Commission (“CCPC”) in relation to aspects of a search and seizure exercise it had conducted and recognised the role of the unenumerated right to privacy deriving from Article 40.3 of the Irish Constitution and the right to respect for your private life under Article 8 of the European Convention on Human Rights, in regulatory investigations and dawn raids. In that case, the Supreme Court took the view that the CCPC seizure of documents which were private and irrelevant to the investigation during a dawn raid were not within the terms of the search warrant. The Supreme Court found that the CCPC should have engaged in a process to identify relevant documents and could access and review documents if such a process was adopted.
Maintaining confidentiality of privileged legal material and irrelevant material
In February 2024, the High Court2 considered the effect of the duty on a regulator under specific statutory provisions to maintain the confidentiality of a regulated entity's information seized during a dawn raid. The statutory scheme in question provided that disclosure of privileged legal material and irrelevant material could only be compelled if the confidentiality of the material was maintained (as against the regulator) pending a determination by the High Court as to whether the information was privileged or irrelevant. Unlike in the CRH case, ComReg had made proposals (which it described as a Step Plan) for a process to be adopted for the parties to identify privileged and relevant material however the question arose as to whether the regulated entity or the regulator should conduct a review (to identify irrelevant, relevant and privileged material) of the electronic data which had been seized by the regulator.
The High Court determined that the regulator could conduct searches and apply key words to identify and remove irrelevant and privileged information from any data seized. However, given the regulated entity’s knowledge of and access to the original data, the High Court made it clear that it expected the regulated entity to contribute to that process. In its judgment the High Court examined the investigative powers of ComReg and approached the issue before the court from the perspective of ensuring those powers were not undermined while at the same time ensuring that safeguards were in place to protect the rights of the regulated entity, which the Step Plan was designed to do.
Legal professional privilege: the Delaney case
The September 2023 Court of Appeal decision in Corporate Enforcement Authority v Cumann Peile na hÉireann ‘Football Association of Ireland’3 (the “Delaney case”) brings clarity to handling claims of legal professional privilege. The Delaney case provides a very helpful summary of legal professional privilege and the challenges faced by a litigant attempting to invoke it. In this case, the High Court approved an “Examination Strategy” which resulted in a process of engagement under the close supervision of the court. Mr Delaney claimed that a vast number emails seized as part of an investigation by the Corporate Enforcement Authority (“CEA”) were privileged.
Initially, legal professional privilege was claimed by Mr Delaney for thousands of the documents which the CEA collected. The CEA refused to accept his claim and two assessors were then appointed by the High Court. However, the High Court did not accept the recommendation of the assessors that approximately one-third of the documents which they reviewed were privileged.
The Court of Appeal upheld the High Court judgment and legal analysis on the basis that Mr Delaney had failed “to provide any meaningful context for virtually all of the documents” for which legal professional privilege had been claimed and he did not meet the burden of proof on a party claiming legal professional privilege. The Court of Appeal decision re-emphasised the principle that a court should be provided robust contextual evidence in order to determine the privilege status of any particular document. Leave to appeal to the Supreme Court was refused this year.
In the aftermath of the Delaney case proposed legislative changes4 seek to streamline the court process for the determination as to whether documents seized by the Corporate Enforcement Authority (“CEA”) are privileged. The CEA will have 14 days (rather than 7) to make the application for a determination which can now be made on an ex parte basis rather than on notice. The previous reference to independent “person” (singular) is substituted for “person or persons” and so explicitly permits the appointment of more than one independent person to examine material and prepare a report for the court. This will undoubtedly assist in achieving more efficient review times in large scale data seizures.
EU law developments
There have been relevant developments in EU law in the last two years on legal professional privilege and privacy in regulatory investigations.
In Orde van Vlaamse Balies5, the Court of Justice of the European Union (“CJEU”) broadened the scope of the concept of legal professional privilege in EU law, ruling that it applies to all communications between EEA-qualified external lawyers and their clients, and is not limited to advice provided by an external lawyer for the purposes of and in the interests of a client’s rights of defence. In otherwords communications consisting of legal advice beyond a litigation context. The ruling is significant as it overturned the previous EU authority which ruled that exchanges between external EEA-qualified lawyers and their clients were protected, provided that such communications consisted of advice given for the purpose, and in the interests of, the client's rights of defence. As a result of this ruling the position in EU law is now closer to established common law principles on legal professional privilege.
The judgment in Orde van Vlaamse Balies clarifies that both:
- Article 47 of the Charter of Fundamental Rights of the European Union (right to an effective remedy and a fair trial); and
- Article 7 of the Charter of Fundamental Rights of the European Union (right to respect for private and family life, home and communications)
protect legal professional privilege.
In Intermarché Casino Achats SAR6 (also referred to as the ‘French Supermarkets case’) the CJEU ruled that the European Commission has an obligation to record interviews conducted for the purpose of gathering information in relation to the subject matter of an investigation and that this obligation applied even before the formal commencement of an investigation. The obligation included an obligation on the European Commission to provide a copy of an interview recording to interviewees for approval. Here the Commission staff had taken notes of meetings with suppliers to collect information relating to its investigation, but this was not considered to have fulfilled the obligation to properly record the interviews. As these internal staff notes were the main basis for the decision to carry out an inspection, the CJEU found that there was no valid evidence justifying an inspection and it led to a ruling that the inspections were illegal. The Court annulled the European Commission’s inspection decisions in their entirety as a result. This case highlights the importance of pre-investigation and pre-inspection steps and how such steps, if not conducted properly and in accordance with applicable legal obligations, can essentially ‘infect’ the legality of later steps.
On a more general issue about ability to challenge conduct during an inspection, a number of the companies the subject of the investigation in the French Supermarkets cases argued that Regulation 1/2003 (pursuant to which the investigation was being conducted) did not provide for an effective remedy to challenge the Commission’s conduct during inspection and that this was contrary to the requirements of the European Convention on Human Rights (the ECHR). The General Court did not accept this argument and considered, in the round, all of the remedies available to parties seeking to challenge actions of the Commission during an inspection. In addition to the ability to appeal against an inspection decision, the General Court held that there is an appeal against any reviewable act adopted by the Commission in the course of an inspection and that this would include, for example, a decision to seize legally privileged document or an act in breach of the right to privacy of an employee of an entity the subject of an inspection. The CJEU adopted the reasoning of the General Court and did not allow the appeal on this point.
In Red Bull7 the European Commission inspectors assessed relevance on site during an inspection before seizing documents as part of an investigation. However, on the last day of the dawn raid, the inspectors made a copy of a large number of electronic documents (approximately 5 terabytes) without any significant analysis to inform a relevance assessment prior to seizure / removal of the documents. A significant amount of additional electronic data were also requested subsequent to the dawn raid.
Red Bull sought urgent interim measures to suspend the execution of the inspection decision claiming that it would suffer serious and irreparable damage because of violations of Article 7 of the Charter of Fundamental Rights of the European Union (which provides for the right to respect for private and family life, home and communications). It argued that there was a high risk of officials becoming aware of data of a personal nature given the amount of data seized without an assessment being made for relevance. Red Bull argued that the inspectors should have taken steps to guard against this and that affected employees should have been given the opportunity to examine the data in question and object to its seizure.
The General Court held that Red Bull had not satisfied the criteria for interim measures; specifically it had not demonstrated that serious and irreparable damage would be suffered. The General Court found that Red Bull’s representatives were present during the examination of the documents by the officials and these representatives were in a position to challenge the inclusion of certain documents in the investigation file if they contained personal data unrelated to the investigation. The General Court also held that in light of the fact that European Commission officials have strict obligations of professional secrecy, and an arbitration procedure was available in the event of a disagreement regarding the relevance of documents, the case for serious and irreparable harm was not made out. In essence the General Court identified various elements of the dawn raid process coupled with aspects of the overall legal context of the dawn raid which were considered to provide sufficient protection to Red Bull and its employees whose rights were at risk of being infringed.
Surveillance Functions
Organisations should also be aware of the proposed changes to the CEA’s powers to exercise surveillance functions in certain circumstances, extending this power to the CEA in line with Government policy for other similar enforcement bodies in the State (including An Garda Síochána, the Revenue Commissioners and the CCPC). This effectively means authorised CEA officers can monitor, observe, listen to, or make recordings of persons or their movements, activities, or communications. In those circumstances the streamlined process for determining privilege is an important balancing of the rights of parties being investigated with the powers of regulators.
Take-Aways from recent developments
- Regulated entities that are the subject of investigations and inspections have a number of rights which need to be safeguarded. A key right is the right to respect for private life and communications and an entitlement that privileged legal material will be kept confidential as against the regulator;
- Regulators are obliged to have regard to these rights but the powers of regulators cannot be undermined in post inspection treatment of seized data;
- The Court will expect engagement in relation to a Step Plan or some similar process in the aftermath of a dawn raid, which Step Plan should designed to enable regulators to progress an investigation while at the same time recognising and protecting the rights of the entities they are investigating.
- The subject of an inspection / investigation is expected to engage and co-operate in relation to the execution of a Step Plan or similar process.
- It is clear that a regulator must be afforded a wide degree of latitude in setting the scope of an investigation and therefore the scope of what material is relevant;
- Effective remedies must be available to parties in relation to the conduct of inspections by officials
- Regulators should act diligently in relation to steps taken which inform inspection and investigation decision.
Footnotes
1. [2017] IESC 34
2. Commissions for Communications Regulations v Eircom Ltd [2024] IEHC 49
3. [2023] IECA 226
4. Contained in the General Scheme of the Companies (Corporate Governance, Enforcement and Regulatory Provisions) Bill 2024
5. Orde van Vlaamse Balies Case C-694/20 (December 2022)
6. Intermarché Casino Achats SAR v European Commission Case C-693/20 P (March 2023)
7. Red Bull v European Commission Case T-306/23 (September 2023)
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.