The High Court recently dealt with the question of whether the regulator or regulated entity was responsible for determining if seized data was irrelevant / privileged so as to be excluded from review as part of an investigation. The Court determined that it must be a matter for the regulator and set out a detailed explanation as to why. The decision may serve to eliminate similar challenges in other cases involving regulator review of seized data. Gearoid Carey and Gerard Kelly examine the decision below.

In the context of a bulk data seizure, a regulator’s investigation should not include review of irrelevant or privileged material. However, who should determine if material is irrelevant / privileged and therefore be excluded from the investigation? The High Court recently has considered whether that determination should rest with the regulator (which had seized the data) or the related entity (whose data was seized) so as to preserve the confidentiality of that material.[1] Although the regulated entity argued it should not be for the regulator to undertake this exercise, the Court disagreed. It held that the regulator must undertake this as it would otherwise be inconsistent with the regulator’s functions. It held that where search and seizure is permitted by statute, then it follows that the starting point is that the search of the data is to be undertaken by the regulator. The Court held it would go against the very purpose of the statute for the regulator not to carry out this exercise.

Background

An investigation was conducted by the Commission for Communications Regulation (ComReg) into Eircom. This related to the publication of a proposed discount scheme for access by Eircom’s wholesale customers. ComReg considered that this did not meet regulatory requirements and could impact competition. Despite the withdrawal of the proposed scheme by Eircom, ComReg felt it was inconsistent with Eircom’s regulatory obligations for it to engage with others in the market about the proposed scheme before it had been approved by ComReg. After an unannounced search of Eircom’s premises, in accordance with its statutory powers ComReg seized some of Eircom’s data . The materials seized by ComReg were held in sealed evidence bags. ComReg applied to the High Court for the approval of a ‘step plan’ to permit the review of the data, some of which it was accepted would be irrelevant or privileged. In broad terms, the step plan envisaged a series of electronic word searches, on which Eircom could make submissions, to exclude irrelevant and privileged information. After the exclusion of material based on the word searches, ComReg would undertake its review of the balance of the materials. Eircom objected and maintained that, in order to ensure the confidentiality of its data, which is a statutory requirement, it rather than ComReg should undertake the review exercise.

Analysis

The Court looked at the functions and objectives of ComReg under the establishing legislation, the Communications Regulation Act 2002, as amended (the Act). These included ensuring compliance with obligations relating to the supply of access to electronic communications. ComReg was also entitled to carry out investigations with an objective of ensuring competition. Section 39 of the Act gave ComReg search and seizure powers. The Court noted that these powers were “very wide ranging”.

Although Eircom had not challenged the legality of the search and seizure, which it could have done, it did object to what ComReg now proposed regarding review of the materials seized. At the outset, the Court observed that it would have been preferable if Eircom had engaged with ComReg regarding appropriate searches. Its stated expectation was that Eircom would have engaged as the only real issue between the parties was regarding who would conduct the searches to eliminate privileged and irrelevant information from the seized data.

The Court then considered whether it could approve an approach envisaged by the step plan put forward by ComReg. The Court held that it could. It stated that it could give directions for a plan like the one proposed which involved electronic word searching to eliminate privileged and irrelevant data. Bearing in mind the obligation to maintain confidentiality, in considering who should apply the terms involved, the Court rejected any assertion that this meant that there needed to be 100% certainty that nothing irrelevant or privileged was reviewed by ComReg. That was a standard which could not be met, irrespective of who undertook the review exercise.

Instead, by reference to the statutory powers afforded ComReg, the Court determined that where a search and seizure by a regulator is required by statute, as here, “the starting point is that the search of the data is done by the regulator, not the regulated, since otherwise the very purpose the statute… is effectively set at nought.” Therefore, the powers of a regulator to conduct a search and seizure would have no purpose if the search were to be conducted by the regulated entity. That would amount to the regulated entity being entitled to hand over what it chooses.

The obligation for ‘confidentiality [to] be maintained’ must be interpreted in light of provisions of the legislation which were clear and specific regarding its purpose. The Court observed that the very nature of a search and seizure by a regulator is that it is to be conducted by the regulator. This meant that the initial exclusionary review was to be undertaken by ComReg. In addition, the Court held that ComReg was justified in seeking – and obtaining - approval of the step plan which adopted that approach. The Court also affirmed the principle[2] that regulatory bodies, like ComReg, “should be granted a substantial latitude when exercising their public duties, in particular in relation to determining, as in this case, whether material is relevant or not to their investigations.”

The approach adopted by ComReg in this case clearly takes account of the Supreme Court decision in CRH.[3] In this decision, a very broad search and seizure undertaken by the Competition and Consumer Protection Commission (CCPC) was successfully challenged. The Supreme Court concluded that the CCPC must have been aware that it would inevitably take large quantities of material outside the scope of its investigation. It criticised the CCPC for not taking steps to address this. In finding that the CCPC had acted outside of the powers contained within the relevant legislation and breached privacy rights, the Supreme Court stopped the CCPC from reviewing any material or any of the data “which were the fruits of this unlawful search.” Regarding privileged legal material, in particular, it noted that it was for the parties to seek to reach agreement with regard to how material outside the scope of the warrant might be dealt with. Mr Justice Charleton suggested the use of keyword searching to narrow down the material involved. Here, in contrast, ComReg had sought to engage on a process to avoid it reviewing irrelevant / privileged materials - from a universe of seized material which Eircom did not challenge - and had sought court approval for its step plan before commencing its review, which included keyword searching.

Conclusion

The decision is an important one. It confirms that, in cases where a regulator has powers of search and seizure, the determination as to how to eliminate irrelevant / privileged material should rest within the regulator. This is, however, subject to the relevant statutory wording. Therefore, although this case is specific to the Act as it relates to ComReg and its powers, the decision is potentially applicable to other regulatory arrangements. Other regulators and regulated entities may take their lead from this decision and this could serve to speed up other instances of Irish antitrust and regulatory enforcement.

For more information and expert advice on commercial disputes, contact a member of our Commercial Disputes team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

[1] [2024] IEHC 49

[2] See the Supreme Court decision in CRH plc v The Competition and Consumer Protection Commission [2017] IESC 34

[3] CRH plc v The Competition and Consumer Protection Commission [2017] IESC 34