The Turkish Competition Board Declares Zero Tolerance Policy Against Deleting Data During On-site Inspections

 by Şeyma İnal, Yasemin Işık, Zeynep Özgültekin

The Turkish Competition Board (“Board”) has recently published four decisions[1] where it decided to impose administrative monetary fines of five in thousands of the annual turnover of the relevant undertaking for hindering/obstructing the on-site inspection by way of deleting data (i.e., e-mails and WhatsApp messages) as per Article 16 of the Law No 4054 on Protection of Competition (“Law No. 4054”)[2]. In these decisions, the Board ignored the steps taken to compensate the result, such as voluntarily handing over the data (which were considered to be deleted). This article first provides a general context for the subject and then brief summaries of the relevant four decisions, which may be considered as a declaration of the Board’s zero tolerance policy towards deleting data.

Background

 As a background information, Article 15 of the Law No. 4054 equips the Turkish Competition Authority (“Authority”) with the power to carry out unannounced on-site inspections at the undertakings’ premises. To that end, the officers of the Authority can, by the power granted to them by the law, examine the books, all types of data and documents of the undertakings and associations of undertakings kept on physical or electronic media and in information systems, and take copies and physical samples of the same.

Although the Authority had the power to conduct on-site inspections, examine and take copies of documents (including electronic documents[3]) since the first version of the Law No. 4054 in 1994, the lawmakers made sure that the boundaries of the power of the Authority keeps up with the developments in technology. To that end, the lawmaker included “electronic media and in information systems” wording to the relevant article in the last amendments made to Law No. 4054 in 2020. Furthermore, in 2020, the Authority published a stand-alone document to clarify what the Authority’s officers can and cannot do during on-site inspections in terms of examination of digital data: the Guidelines on the Examination of Digital Data during On-Site Inspections (“Guidelines”)[4].

While the Authority’s officers are conducting the on-site inspection at the relevant undertakings’ offices, they usually request the relevant undertaking’s organizational chart, determine some key employees and request access to their electronic data, including their e-mail accounts, their computers’ desktops and work phones. Moreover, they are authorized (by paragraph 4 of the Guidelines) to “quickly review” all the portable communication devices (mobile phones, tablets, etc.) to determine whether such devices contain digital data belonging to the undertaking, and if yes, to examine these devices as well, even if they are personal devices.

The undertakings are obliged to comply with the Authority’s officers’ demands, to the extent the demands comply with law, and provide them with the tools (such as electronic platforms, codes, passwords) that will enable the officers to carry out the examination. Article 16 (and also 17, for continuing infringements) of the Law No. 4054 sets forth a specific administrative fine (i.e. five in thousands of the annual turnover of the relevant undertaking in the year preceding the decision) for hindering/obstructing or complicating the on-site inspections.

Deleting information during on-site inspection has been considered as a way of obstructing on-site inspection by the Board for several years, and this practice has been consistently upheld by the administrative courts.[5] The Board’s recent Pasifik, Unmaş, Çiçek Sepeti and Fatih Römorkörcülük decisions, on the other hand are not only the chain of a concurring practice but also a declaration of “zero tolerance” policy, as they set forth that once the data is deleted by an employee of the undertaking, there will be consequences, no matter what the undertaking does to try to make things right afterwards.

Recent Decisions

The Board’s Pasifik Tüketim Ürünleri Satış ve Ticaret A.Ş. (“Pasifik”) decision is noteworthy in this respect. The employees of Pasifik were informed on the ongoing preliminary investigation and the on-site inspection to be conducted. On the day of the on-site inspection, the employees were warned not to delete any information, documents or correspondences from the computers, electronic mailboxes or from any types of stationary or portable equipment which include data belonging to the undertaking at 10:35 am through an e-mail message. Despite this warning, it was detected that the Sales Director deleted a total of 34 e-mail correspondences between 11:26 am – 12:26 pm during the inspection. Subsequently, the attorney of Pasifik has stated that even though the correspondences appear to be deleted from the mailbox, the originals are at the server infrastructure; moreover, the users cannot delete the data via the original server with the “in-placehold” specialty at Microsoft 365 which the company uses. Despite all the efforts, the Board still considered this action as an obstruction of access to potential evidence and findings and hindering the on-site inspection.

The same approach was adopted by the Board in Unmaş Unlu Mamuller Sanayi ve Ticaret A.Ş. (“Unmaş”) decision as well. At the beginning of the on-site inspection at Unmaş, the employees of which worked remotely due to the Covid-19 pandemic, the Authority’s officers reminded the authorized persons of Unmaş that no data should be deleted from the information systems including the employees’ mobile devices on 10:35 am. The company organized the process by contacting the in-house counsels and sending an e-mail to the employees in order to warn them against data deletion by any reason at 11:16 am. 

Upon the examination conducted on the mobile device of an employee, the competition experts became aware that the WhatsApp message contents were deleted by the Commercial Director respectively at 10:38 and 10:44 am, evidently after the reminder of the contrary. The competition experts noted that the deletion could not be detected by quick look, but through the forensic information device as per the procedures and principles determined by the Guidelines. Within the on-site inspection minutes prepared upon the completion of the on-site inspection, the undertaking’s representatives emphasized that they have provided their utmost support and cooperation to facilitate the on-site inspection that began early in the morning and continued until 19:00 pm by using every means available. In particular, three out of six Unmaş employees whose computer and/or mobile phones were being examined, arrived at the company’s premises despite their Covid-19 concerns, while the other three provided support by means of screen sharing, etc. Furthermore, the messages deleted by the employee minutes before the company’s warning e-mail, which the company became aware of along with the competition experts, were recovered through the other employees’ mobile phones and confirmed by use of forensic information device conducted on the mobile phone of the employee who deleted the messages and voluntarily presented his mobile phone. Therefore, the company asserted that since the deleted messages were recovered and confirmed as a result of the company’s efforts, and as the employee’s individual conduct while physically outside the premises was not attributable to the company, such conduct should not be evaluated as hindering the on-site inspection.

However, the Board found that the deletion was aimed at preventing access to the undertaking’s information which is the primary goal of an on-site inspection since there were messages concerning the operation of the undertaking amongst the deleted WhatsApp correspondences. More importantly, the Board held that although the deleted data could be accessed through a forensic device, this does not have an effect on the hindering/obstructing the on-site inspection, since “accepting the contrary may mean a reward for the undertakings in case the undertakings delete the data but the deletion cannot be accessed through the forensic information devices”.

Furthermore, in the Çiçek Sepeti İnternet Hizmetleri A.Ş. (“Çiçek Sepeti”) decision; the competition experts arrived at the undertaking’s premises at 10:50 am to conduct the on-site inspection and warned the employees not to delete any data from their devices. However, the experts found out that a WhatsApp message was deleted from an authorized person’s mobile device, which was being used for business. The e-mail message was sent to another authorized person of the undertaking at 11:52 am, an hour after the on-site inspection began and deleted shortly after. The deletion was confirmed on both devices. The employee, who deleted the message asserted that, while sending many non-business-related messages during the same period to family and friends in order to prevent receipt of private messages, and some messages to clear his schedule that afternoon, he erroneously sent a message to the other employee and deleted the message because it did not concern that person. The Board did not accept this claim on the ground that the employees were specifically warned not to delete any data prior to the start of the inspection.

Moreover, the experts further discovered on inspection of a mobile device that a specific correspondence was missing, while the correspondence was present at the other employee’s mobile device. Upon inspection, it was determined that the correspondence was made between 11:17 and 11:21 am on the same day. The two authorized persons of the undertaking asserted that they did not have any purpose to hinder or obstruct the on-site inspection, to the contrary, they presented all the devices requested, including the personal ones. However, the Board considered these conducts as hindering/obstructing of the on-site inspection as well and imposed an administrative monetary fine on Çiçek Sepeti.

Lastly, in Fatih Römorkörcülük ve Denizcilik Hizmetleri A.Ş. (“Fatih Römorkörcülük”) decision; the General Director was informed of the on-site inspection upon the arrival of the competition experts at 10:05 am and reminded not to delete any data from the mobile devices and the computers to be inspected, otherwise such deletion may be considered as hindering/obstructing the on-site inspection.

Thereafter, the WhatsApp account of the Personnel Manager, who was not at the premises, was inspected on WhatsApp web application through remote access to his computer. The competition experts specifically searched for the word “atlantic” and found three separate correspondences made on 04.06.2021, 08.06.2021 and 09.06.2021. Upon beginning to review the correspondences one by one, it was detected that one of the correspondences could not be viewed except for the sentences with the word “atlantic” in them, which alerted the competition experts of the deletion. Based on this suspicion, the experts wanted to review not just the relevant parts but the whole correspondence, and found no such correspondence. After being asked about this process, the employee claimed that no deletion was made, that the employee did not know how the relevant correspondences disappeared and that they will submit the relevant correspondences to the case handlers immediately.

The screenshots of the correspondences which were claimed to be the relevant correspondences were submitted to the case handlers. However, when the screenshots were examined, the correspondence dated 04.06.2021 with the word “atlantic” could not be found. Furthermore, it was understood that it was not possible to determine the date range of the screenshots and to prove whether the screenshots include all other correspondences (if any) completely or no messages were deleted. Therefore, the on-site inspection could not be carried out effectively since the correspondences were not completely submitted. Accordingly, the Board held that Fatih Römorkörcülük hindered the on-site inspection and imposed an administrative monetary fine on the undertaking.

Conclusion 

As highlighted above, the importance of complying with the instructions of the competition experts during on-site inspections is crucial under the Board’s “zero tolerance policy”. In light of the Board’s recent on-site inspections, it is becoming more and more important for companies to train their employees in terms of competition law.

[1] The Board’s Pasifik decision dated March 29, 2021, and no. 21-24/279-124 (published at the Authority’s website on November 18, 2021).

The Board’s Unmaş decision dated May 20, 2021, and no. 21-26/327-152 (published at the Authority’s website on November 10, 2021).

The Board’s Çiçek Sepeti decision dated May 27, 2021, and no. 21-27/354-173 (published at the Authority’s website on November 16, 2021).

The Board’s Fatih Römorkörcülük decision dated July 29, 2021, and no. 21-36/486-254 (published at the Authority’s website on November 30, 2021).

[2] The English convenience version of the Law No. 4054 can be found at the Authority’s website through the following link: https://www.rekabet.gov.tr/en/Sayfa/Legislation/act-no-4054.

[3] The Authority have been reviewing, taking copies of and taking into consideration the digital data of the undertakings for over a decade and this practice was upheld by the administrative courts several times.

[4] The English convenience version of the Guidelines can be found at the Authority’s website through the following link: https://www.rekabet.gov.tr/Dosya/guidelines/guidelines-on-the-examination-of-digital-data-during-on-site-inspections1-20201120154515821-pdf.

[5] Groupe Seb İstanbul Ev Aletleri Ticaret A.Ş was fined by the Board through its decision dated 09.01.2020 and no. 20-03/31-14 for not being able to access an employee’s e-mails since the employee started working for the head office in France, which was upheld by the Ankara 3rd Administrative Court (22.02.2021 and no. 2020/905) and the Ankara Regional Administrative Court 8th Chamber (29.09.2021 and no. 2021/1043). Kaynak Tekniği San. ve Tic. A.Ş. was fined by the Board through its decision dated 26.12.2019 and no. 19-46/793-346 for not allowing access to the personal e-mail account, which was being used for business purposes as well, and when such access was allowed, certain e-mails were deleted without possibility to recover. This decision was upheld by Ankara 11th Administrative Court through its decision dated 01.07.2021 and no. 2020/1727.

(Mondaq Link)

2022-04-27T14:35:10+03:00