The interface between data protection law and competition rules has become a growing area of interest for companies and lawyers. First, in the course of unannounced inspections (the so-called "dawnraids"), European Commission and national competition authority officials typically review company records and search employees’ e-mails and electronic files and records (including those which people thought had been deleted). They will make hard and/or soft copies of relevant documents and in certain cases may even seize entire hard discs. This raises the question of whether such intrusions are compatible with data protection rules and thus which restrictions such rules impose on the ability of competition officials to collect and process data seized during inspections. Another intersection between competition law and data protection law arises where companies need to collect and further process data from their employees to respond to a competition authority’s request for information or a statement of objections in the course of a pending competition law investigation. Companies may also wish to access and review e-mails and other employee records so as to uncover potential competition law infringements (e.g., in the context of a compliance programme) or to prepare a leniency application.
Against this background, this paper seeks to identify the limits that may be placed by data protection law on competition authorities, on the one hand, and companies, on the other hand, to collect and further process personal data in the context of competition law investigations.
This paper is divided into four sections. Section II briefly sets out the legal framework for data collection and processing in the EU. Section III explains the key data protection principles and Section IV identifies the key players in the context of EU data protection law. Section V elaborates on the key data protection principles and how they apply to competition authorities on the one hand and companies on the other hand. Section VI discusses the legal consequences of non-compliance with data protection rules. Section VII concludes.'The Applicability of Privileges to Employees’ Personal E-Mails: The Errors Caused by the Confusion between Privilege Confidentiality and Other Notions of Privacy' (UC Davis Legal Studies Research Paper No. 362) by Edward J. Imwinkelried states -
Americans will generate approximately seven trillion e-mails this year. Each year employees send hundreds of billions of e-mails from their work accounts. Some of these e-mails relate to personal matters, including communications with spouses and confidants such as attorneys and therapists. Yet, many employers have formal policies both prohibiting personal use of the work account and reserving the employer's right to monitor e-mails sent through the work account.
The question has arisen whether the traditional privileges such as attorney-client and spousal attach to e-mails sent through the employee's work account. Does the employer policy negate the confidentiality ordinarily required for the privilege to attach?
That general issue has triggered a number of splits of authority. Two are especially noteworthy. One question is whether the same confidentiality standard applies whether the employee is asserting the privilege against the employer or a third party. Some courts have indicated that the employee may invoke the privilege against a third party even when the employee could not assert the privilege against the employer. A second question is whether the existence of an employer policy automatically precludes privileges from attaching. Some courts have adopted a flexible, multi-factor test including such considerations as whether the employer actually monitors or has made inconsistent representations to the employee. However, other courts -- the majority -- have ruled that the existence of the employer policy is dispositive, precluding any privilege claim by the employee.
This article criticizes the view that the confidentiality standard varies as well as the view that the existence of an employer policy is dispositive. Both views distort the basic concept of confidentiality. The first view is flawed because the concept of confidentiality requires the holder's intent to exclude all parties outside the circle of confidence. The employer is not within the circle including the employee and his or her confidant. Thus, if the employee impliedly consents to the employer's monitoring, there is no privilege to assert -- whether the opposing litigant is the employer or a third party. The second view is equally unsound. That view confuses the normative meaning of reasonable expectation in Fourth Amendment jurisprudence with the factual meaning of reasonable expectation in privilege law.
Confidentiality is the central concept in modern privilege law. Three quarters of the published opinions addressing privilege issues turn on the confidentiality concept. The courts must resolve the modern disputes over the applicability of privileges to employees' e-mails on work accounts without distorting that basic concept.