Gone but not forgotten: how deleted messages can cost millions
09 August 2024In June 2024, the European Commission announced that it had fined International Flavors & Fragrances (IFF) over €15m for obstructing an antitrust dawn raid by deleting WhatsApp messages with a competitor. This is the first time the Commission has penalised a company for the deletion of such data during the course of a dawn raid.
Background
EU Regulation No 1/2003 (the Regulation) empowers the Commission to conduct surprise in-person inspections (commonly known as dawn raids) to secure evidence from businesses suspected of infringing EU competition law.
Under the Regulation, businesses must submit to mandatory inspections and actively cooperate with the Commission’s inspectors, including by making available all relevant information. The Commission has the power to inspect and copy business-related information; irrespective of the medium on which they are stored. This means the Commission can examine data on corporate phones (as well as private phones where they are used for business purposes), including in messaging apps like WhatsApp. The Commission employs forensic IT experts and tools, including for the purposes of detecting and recovering deleted or manipulated electronic information.
The Commission can impose fines of up to 1% of a company's total turnover for obstruction of a dawn raid, including the submission of incomplete or tampered records.
The raid and fine
The Commission conducted dawn raids at the premises of several companies in March 2023 as part of an ongoing investigation into suspected anticompetitive conduct in the consumer fragrances sector. During the inspection at the premises of the French subsidiary of IFF, Commission inspectors asked to review the mobile phones of some of IFF’s employees. During the course of their review, the inspectors determined that a senior IFF employee had intentionally deleted WhatsApp messages after being informed of the raid. The deleted messages contained business-related information and were exchanged with a competitor of IFF.
The Commission was ultimately able to restore the deleted data with the help of IFF during the inspection, but the deletion of the messages nevertheless constituted an obstruction as the requested records had initially been submitted in incomplete form. The Commission therefore decided to impose a penalty on IFF.
The Commission considered several factors in setting the fine, including the intentionality of the deletion, the type of information deleted, the employee’s senior position within IFF, and the need to deter other companies from tampering with electronic records. The Commission initially set the fine at 0.3% of IFF’s total turnover, which amounted to €31.8m. However, IFF secured a 50% reduction of the fine, due to its immediate admission of deletion, its assistance in data restoration, and its engagement in the cooperation framework to resolve the matter. This was the first use of the Commission’s cooperation framework in a procedural infringement case and is inspired by the Commission’s cartel settlement process, which similarly enables the Commission to adopt a streamlined resolution process in exchange for a reduction in fines. The final fine imposed on IFF was €15.9m, representing 0.15% of its total turnover.
Lessons learned
This is not the first fine the Commission has imposed for obstruction of a dawn raid, nor is it the largest (that being a €38m fine imposed on E.On in 2008). However, it is the first fine the Commission has imposed for the deletion of messages exchanged via social media/messaging apps, and demonstrates the Commission's continued determination to enforce its inspection powers and sanction any obstruction it encounters (even where that obstruction is remedied by the company during the course of the inspection). In announcing the fine, the Commission also made a point of noting that it continuously invests in its forensic IT capabilities to detect tampering or deletion of evidence, and expects companies to preserve evidence and comply with its inspections. Companies at risk of antitrust scrutiny should therefore make sure that they are aware of the Commission's inspection powers and the potential consequences of deleting or manipulating information.
As use of messaging apps becomes ever more ubiquitous, the likelihood of them being employed to engage in or coordinate anticompetitive conduct increases. Indeed, the UK Financial Conduct Authority recently imposed fines on money remitters for engaging in a cartel that was implemented via a WhatsApp group (see our recent update). Although some businesses will have policies prohibiting the use of such apps for business purposes, at the same time they should – as part of their dawn raids readiness efforts – be sure they instruct employees to cooperate with inspections and preserve all evidence, regardless of whether it sits within authorised channels.
Get in touch