By Juan David Gutiérrez (Avante Abogados)1
Plenty of water has run under the bridge since the Constitutional Court published its ruling in case C-165 of 2019,2 in which it ruled on dawn raids carried out by the Superintendence for Industry and Commerce (“SIC”), Colombia’s competition authority. Various forums have discussed the gaps that remain in the Superintendence’s powers, particularly regarding dawn raids during investigations into alleged anticompetitive practices. The matter has not lost its urgency because of the COVID-19 emergency: the SIC is already performing virtual dawn raids.
The Constitutional Court’s ruling failed to answer some doubts regarding factual situations where there are tensions associated with the right to privacy and due process. For instance, case C-165 of 20193 established parameters regarding access to computers and institutional e-mails over the course of a raid, yet remained silent regarding personal devices (e.g. cellphones) and personal e-mail accounts employees may use for work purposes. On one hand, these personal tools could be used to break the law – for instance, to coordinate a price-fixing agreement – but on the other, the authority must respect the individual’s right to privacy.
The central aim of this text is to offer a concrete proposal for the SIC to fully regulate its powers to conduct raids in order to verify compliance with the law. There is no need to wait for new lawsuits and rulings for the SIC to set the limits to its functions. The SIC might prevent future conflicts and contribute to legal certainty by releasing a guide for carrying out its raids. Currently section 7.1 of Title I4 of the SIC’s Notice regulates, in little more than one page, such activities, and expanding upon it is an opportunity for improvement the authority might well implement.
What should be contained in a protocol to allow the SIC to make use of its power to carry out raids to gather evidence, while also protecting people’s fundamental rights? Fortunately, we don’t need to reinvent the wheel. Some of the SIC’s peers in other jurisdictions already have such protocols and directives. These are regulations that guide their own officials, and inform those under investigation of what to expect during such procedures. Such is the case for authorities in Brazil,5 Ecuador,6 Panama,7 Austria,8 and the European Union,9 among others. Along these lines, this past October the Peruvian competition authority (“INDECOPI”) published its project10 for “Inspection Raid Guidelines.” These guidelines have the goal of “guiding the reach of these investigative actions for detecting anticompetitive conduct.”
Based on the experience of other jurisdictions, I propose five examples of matters that could be set out in the SIC’s guidelines to regulate their dawn raids:
- Contents of the Administrative Act to order the Raid and the Notice of Authorization. Setting the minimum required content to be included in the order to carry out the dawn raid, with the corresponding authorization document, which must be carried by the SIC officials assigned to perform the raid. A copy of the latter should be delivered by the officials at the start of the raid on the company. Currently, the SIC’s Notice merely states that officials must identify themselves with their ID card and a letter from their superior. In the authorizing document one should, at a minimum, identify the administrative act in under which the raid has been ordered, the names of the officials assigned to it, its purposes, and a list of allegedly infringed regulations, for example. There has been some discussion in Colombia over whether such an authorization should have information regarding the theory of harm. On this point, we find different answers. In the European Union, on one hand, the explanatory notice on dawn raids for the European Commission establishes that officials are not obligated to explain “in detail the object of the investigation” or to justify “one way or the other the decision” to carry out the raid. In the case of Peru’s Guidelines project, on the other hand, the “Inspection order” must give “knowledge to economic agents that they are involved in an investigation, indicating in general outlines what is being searched for in said procedure and on what matter and facts this action is based.”
- Role of the Company’s Lawyers. Outlining the role that may be played by a company’s internal and external counsel before, during, and after the dawn raid. For example, the explanatory note for the European Union establishes that the company targeted by the raid has a right to consult their legal advisors, although their presence “is not a legal condition for the inspection’s validity.” Overall, the explanatory note establishes that officials may accept “a brief delay until consultation with legal advisors is finalized” before beginning with their Raid activities. Similarly, the Peruvian Guidelines project includes a section on the “right to the assistance of a lawyer.” It is stated those under investigation may be “assisted by the internal or external legal advisor of their choice,” but that their presence “is not an indispensable requirement for initiating the procedure, nor can their absence condition the performance of the visit.”
- Access to electronic devices and data storage supports. Establishing rules on access to electronic devices that contain data messages (e.g. servers, computers, telephones, tablets, etc.) and their storage support systems (external hard drives, DVDs, USB thumbsticks, etc.). The European Union explanatory notice, for example, indicates that all documents associated to the company may be verified during a dawn raid, which includes “the examination of electronic information and the making of digital or paper copies of said information.” Further, the notice indicates that the above also includes any private devices officials may use for personal reasons when found in the company’s premises. The Peruvian Guidelines project tackles this issue in greater detail and proposes mechanisms for safeguarding the investigated subject’s rights. For instance, it establishes that officials must not carry out indiscriminate searches, and that throughout the procedure they must allow “those being investigated to indicate what documentation would be irrelevant to the investigation (for example, folders with personal photographs, family documents), requesting that these are not collected.” In addition to the above, it might be worthwhile for the SIC’s guidelines to precisely state what parameters might be considered in order to protect attorney-client privileges.
- Preserving the originality and integrity of data messages. Establishing basic principles on the use of search tools on electronic devices by officials, in order to preserve the integrity of messages obtained, in accordance with the terms indicated by Law 527 of 1999. The guidelines in other jurisdictions do not tackle this issue in detail, although they do indicate that officials must use tools that will allow for the preservation of the integrity of the companies’ systems and data. On this point, the experiences of the SIC’s Forensic Informatics Team could be the main source for developing basic principles on the use of electronic data-search tools. For example, some experts on the subject, such as engineer Bayron Prieto, have recommended the SIC adopt procedures that are not so invasive, such as the abrupt manipulation of devices (e.g. unplugging equipment from the power supply).
- Step by step guide for dawn raids. Offering directives to officials on how to plan, carry out, and back up a dawn raid. In Section 7.1 of Title I of the Notice, the SIC offers instructions on how to carry out a raid in general terms. However, it would be worthwhile to consider the examples of Brazil and Ecuador, both of which offer more detailed directives. The manual published by the Brazilian competition authority (“Procedures for civilian search and confiscation”) contains five sections on: validating the case, preparing the procedure, launch and development of the raid, and consolidation of the captured information. On the other hand, the instruction booklet published by the Ecuadorian competition authority establishes operating principles for carrying out raids, a route document for the same, activities to be performed during its execution, evidence management, and the contents of the procedure’s finalizing act.
In summary, this proposal urges the SIC to pour their experience into a public set of guidelines. In other words, to treat dawn raids as a matter for public management, which merits the creation of a manual establishing principles, protocols, and directives for officials. In this way the SIC may avoid future lawsuits and controversies.
We propose that the authority consider publishing guidelines that will respect the rights of people, that avoid harming the effectiveness of raids and the overall process itself (due to possible omissions), and that will preserve the function of dawn raids. This may be a good chance for the SIC to consolidate the best practices proposed by their own officials over many years, and to enshrine them in guidelines that will contribute to greater legal certainty.
1 Partner, Avante Abogados.