Copying mobile phones containing non-business data permitted
4 december 2017
The Netherlands Authority for Consumers and Markets is permitted to copy mobile telephones containing non-business data, according to a judgment rendered in preliminary relief proceedings.
The District Court of The Hague recently ruled in preliminary relief proceedings that the ACM does not require permission from the court to investigate mobile telephones (and copy in full the data that they contain) belonging to persons involved in cartel investigations. This authority extends to copying data that is not business related.
The court ruled that the ACM may copy data in order to subsequently select the data that it might need for its investigation. The importance of the investigation outweighs the right to privacy, provided that safeguards are in place to prevent the ACM from accessing data that falls outside its authority.
In the proceedings in The Hague, the court found that the ACM Procedure for the Inspection of Digital Data (“Digital Procedure”) offered the necessary safeguards. On the basis of the Digital Procedure, a company that is under investigation can inform the ACM of its concerns regarding the selection of data by the ACM. If necessary, it may refer the matter to court. The court also took into account the ACM's explanation that any person whose data is copied during the investigation may inform the ACM directly, i.e. without first notifying the company, why he or she believes that the copied data is not business-related. This claim does not need to be justified in detail. According to the ACM, this provides sufficient privacy safeguards.
The ACM's explanation is helpful in terms of practical application. As the Digital Procedure applies to companies as the subject of the ACM's authority to access data, this explanation now shows how the ACM views the position of individuals who become involved in its investigations. In addition, the right to privacy could derive further protection from the ACM's explanation that claims regarding data privacy do not need to be justified in detail.