Hold the phone: antitrust authorities looking closely at instant messages in dawn raids
On 24 June, the European Commission fined International Flavors & Fragrances (IFF) €15.9 million for deleting WhatsApp messages during a dawn raid. This is the first time the deletion of phone messages has led the EC to issue an obstruction fine.
This blog post looks at the focus on digital devices in the context of dawn raids, how it impacts the cooperation obligations, and what businesses can do to make sure they don’t end up on the receiving end of an obstruction fine.
Antitrust authorities focus on electronic documents and devices
As communication evolves and becomes increasingly digital, electronic documents and digital devices are being put to the front and centre of antitrust investigations. In fact, one of the first things an antitrust authority will do in a dawn raid is seek access for its forensic staff to the business’s entire IT environment. However, the IT environment no longer just means desktops and servers in an office, but includes:
- Instant messages, including WhatsApp and other text messages as well as ‘ephemeral’ messages.
- Digital devices, such as smartphones, tablets and laptops. This also includes personal devices – if those devices are used for business purposes.
- Data stored in the cloud.
As soon as in investigation starts (with a dawn raid, RFI, or decision to open an investigation), the businesses under investigation are subject to a general obligation not to conceal, modify or destroy documents (this obligation also applies to leniency seekers outside of the dawn raid context). To do so, amounts to obstruction and may result in hefty fines (and, in some jurisdictions, criminal charges).
The takeaway: Expect antitrust authorities’ searches to focus primarily on digital evidence – including what can be found on personal devices, to the extent that they are used for business purposes.
Authorities across the globe have been keeping pace with digital developments, and they have the technology – and appetite – to detect attempts to obstruct investigations by destroying digital messages and tampering with devices. This is illustrated by the recent fine imposed by the EC on IFF, the Ofcom decision to fine Sepura, and by recent guidance released in the US.
The IFF obstruction fine
The EC fined IFF for obstruction when a senior employee deleted WhatsApp messages that had been exchanged with a competitor. The employee deleted them after being told about the EC’s inspection (a factor that the EC considered made the infringement “of a very serious nature”) and did not tell the EC about the data deletion (presumably, if they had, that would have been a mitigating factor). The EC discovered the deletion after the employee’s mobile phone was submitted to the EC’s Forensic IT team, for review.
The takeaway: Expect antitrust authorities to have the forensic tools to detect deletion or manipulation of electronic information (including instant messages).
Information exchange cases based on chat messaging evidence
Antitrust authorities are looking closely at instant messages for evidence, and indeed text messages have been used to prove an infringement for some time. For example, more than a decade ago, the EURIBOR cartel was conducted mainly through chat-rooms and instant messaging services.
More recently, in 2022, Ofcom (the UK regulator for communications services, which has antitrust investigatory powers) fined Sepura GBP1.5m for breaching competition law after senior employees exchanged competitively sensitive information with Motorola via text messages. The text message exchange between the employees essentially formed the entirety of the evidence for the case against Sepura.
The takeaway: Expect antitrust authorities to want to look closely at instant messages, also on personal phones and tablets.
US guidance on ‘ephemeral messages’
In January 2024, the Federal Trade Commission (FTC) and Justice Department (DOJ) published updated guidance to caution against the increasing use of ephemeral messaging (i.e. instant messaging applications that allow – or even automatically enable – the immediate and irretrievable destruction of communication and documents) in the modern workplace. The FTC and DOJ reiterated that these types of messages are still covered by document requests, and that where businesses fail to properly retain and produce them during an investigation, they may face civil sanctions or criminal prosecution.
The EC has not taken any position. However, companies will struggle rebutting indications of anticompetitive conduct where such services are involved. Their use may well be seen as one indication for inappropriate conduct.
The EC is currently evaluating Regulation 1/2003, which governs antitrust procedural rules within the EU. During a series of workshops held on 12 October 2023 in Brussels, the imposition of freezing orders was a topic of significant discussion. These proposed orders would explicitly enable the EC to impose temporary restrictions on the deletion or alteration of data, ensuring the availability of information throughout the course of an investigation.
The takeaway: Even if your messages disappear, the obligation not to conceal, modify or destroy those messages remains. The start time of such an obligation will vary depending on the status of the defendant. For example, whether a company is a leniency applicant or not is relevant.
What can you do to manage risk?
In light of these developments, we set out a few practical steps for your business to consider:
- Conduct compliance training. Ensure that employees understand their obligations under antitrust law, and make sure compliance training addresses the specific risks of sending instant messages – including via ephemeral messaging platforms – to competitors.
- Conduct dawn raid awareness training. Ensure that employees (especially the IT team) are trained to know what to do in the event of a dawn raid. In particular, make sure they are aware that the obligation not to destroy, modify or conceal evidence will extend to instant messages and personal devices, irrespective of where these are stored.
- Check your mobile phone and portable device policy. In a dawn raid, the antitrust authority is likely to demand access to employees’ mobile phones and other devices – including, in some situations, their personal devices. The obligation to hand over employees’ mobile phones does not disappear just because an employee is out of town or working from home. Make sure employees are aware of the risks of using their personal devices for work purposes (i.e. they might have to hand them over in a dawn raid) and have procedures in place to get employees’ mobile devices / data if they are out of office.
- Be prepared to issue hold notices across the company upon the start of a dawn raid or other information gathering exercise by the authorities.
- Whistle-blowers, put cooperation agreements in place before going to the authority (but be careful). Ensure your business has made arrangements to avoid the deletion of evidence when making a leniency application. However, this needs to be done carefully to avoid the risk of tipping off other businesses or employees who have not been cleared to know about the steps being taken to cooperate with the authorities.