Legislative background
ComReg is the statutory body responsible for the regulation of the Irish electronic communications sector. A key objective of this regulator, under the 2002 act (as amended – ‘the acts’), is to promote competition.
As part of its functions, ComReg – provided it receives the imprimatur of the European Commission – may designate a particular operator as having significant market power (SMP). If so designated, this means that the relevant entity may be placed under supplementary regulatory obligations.
At the relevant time, Eircom Limited, trading as Eir, was designated as having SMP in the provision of wholesale broadband services.
This meant that Eir’s wholesale arm, Open Eir, was obliged to provide third-party suppliers of retail broadband services with access to its network, while also being subject to a price-control framework, including a ban on wholesale discounts.
Eir’s proposal
In any event, Open Eir, in early 2023, published details of a proposed discount scheme for its wholesale broadband customers (for example, Sky). ComReg duly informed Eir that the proposed scheme potentially infringed the relevant SMP requirements and commenced an investigation under the acts. Eir, therefore, quickly withdrew the relevant proposal.
That said, ComReg remained concerned that the mere plan to implement such discounts might breach Eir’s relevant obligations.
Therefore, over three days in late May and early June 2023, ComReg, using its powers under the acts, conducted a surprise visit or ‘dawn raid’ of Eir’s premises and seized copies of the latter’s digital data.
(Curiously, under the acts, ComReg is not obliged to obtain a District Court warrant before launching a dawn raid. This contrasts with the situation of the Competition and Consumer Protection Commission under the Competition Act, which must satisfy the relevant District Court that there are reasonable grounds for suspecting that an infringement of EU/Irish competition law is taking place at a particular premises. If so, only then can a district judge grant a search warrant.)
Statutory interpretation
As mentioned above, the court, in interpreting the relevant provisions of the acts, followed recent findings of the Supreme Court in Heather Hill.
In the relevant judgment, Murray J refers to four principles of statutory interpretation that seek to ensure that the distinction between, on the one hand, the permissible admission of context coupled with the identification of purpose and, on the other hand, the impermissible imposition on legislation of an outcome that appears reasonable to a particular judge, remains clear.
Firstly, the Supreme Court found that legislative intent is a misnomer. The subjective intention of individual Oireachtas members is not relevant to interpretation.
Secondly, a court’s task is to ascertain the legal effect of a statute by using a framework developed by both legislation and common law. This approach may produce a result that, in hindsight, some parliamentarians did not envisage.
Thirdly, the actual words of the relevant legislation are the best signpost regarding what parliament wished to achieve. In deciding what is the relevant legal effect, the plain meaning or literal approach to the relevant provision is the preferred point of departure, because this is what legislators had before them when they adopted the relevant statute.
Finally, the Supreme Court held that the best guide regarding the purpose of the legislature is the statute read as a whole. Where the apparently clear language of a specific provision is not followed by a court, the context/purpose must be clear and specific, with the alternative view proven by the broader language of the relevant statute.
The court used the Heather Hill principles to decide whether to approve the ‘step plan’. (More broadly, the decision of Murray J constitutes a ‘gold standard’ in terms of the canons of statutory interpretation).
The step plan
To continue its investigation, ComReg wished to access the seized data while, at the same time, respecting Eir’s rights to confidentiality regarding any legally privileged or irrelevant documentation.
Accordingly, ComReg brought an application under the acts before the High Court seeking approval for its planned treatment of the seized data (the ‘step plan’).
This was opposed by Eir, which argued that the confidentiality of the relevant material would not be ‘maintained’, as required under this legislation. (Pending the court’s decision, ComReg did not have access to the seized data, as it was kept in the electronic equivalent of sealed evidence bags.)
The step plan proposed a series of electronic word searches of the seized data, in each case considering any submissions of Eir regarding which terms should be used, in order:
- To identify file/domain names related, for example, to media, transport/accommodation, ‘out of office’ replies, plus healthcare providers, which are clearly personal to Eir staff, for the purpose of removing irrelevant documentation,
- To find domain names plus email addresses of lawyers/ law firms, with the aim of eliminating legally privileged material, and
- To use terms that will identify documents relevant to the investigation.
After completing the relevant word searches, ComReg proposed to commence its analysis of the seized data. The key issue before the High Court was whether the electronic word searches were to be conducted by Eir (the regulated entity that had its data seized) or by the regulator, ComReg, which had gathered that material as a result of exercising its investigative powers.
The court held that, while the acts provide that the confidentiality of the regulated entity’s information is to be maintained, it is impossible to guarantee that the searches conducted by ComReg will remove all privileged and/or irrelevant information.
Regardless of who conducts the search, the court noted that a strict literal or plain meaning interpretation of the acts, as argued by Eir, meant that confidentiality must be 100% guaranteed.
However, this could never be achieved – whomever conducts the electronic word searches. With over 320,000 documents to be processed, there will always be a risk that some privileged legal advice to Eir, or the private or personal correspondence of an Eir staff member, might not be removed after the electronic word searches have been completed.
However, just because ComReg cannot guarantee absolute confidentiality is not a reason for the court to order Eir to conduct the search.
In other words, it was not clear to Twomey J that the literal meaning of ‘confidentiality [is to] be maintained’ is that confidentiality must be 100% guaranteed, as this is impossible to achieve in practice.
Indeed, interpreting this provision as meaning that confidentiality must be guaranteed (and so the electronic word searches must be conducted by Eir) is only possible if the phrase is read in isolation from the rest of the acts, without any consideration for its specific purpose.
Where the seizure of data by a regulator during a dawn raid is permitted by law, the starting point is that the search of this material is led by the regulator, otherwise the very purpose of the statute is nugatory.
The context and purpose of the acts are clear and specific: the very nature of the seizure of material is that it is to be conducted by ComReg. This is the context against which the relevant statutory provision must be interpreted.
Court’s findings
The court therefore concluded that ComReg should conduct the searches while seeking to maintain confidentiality, even though this cannot be 100% guaranteed for every single document.
Twomey J found that it is the most consistent interpretation with the context and purpose of the acts. Otherwise, the purpose of the statutory investigative powers of ComReg would be undermined.
The court therefore approved the step plan, subject to a small number of minor modifications.
Separately, the court stated that it would have been preferable if Eir had meaningfully engaged with ComReg in identifying potential terms for the electronic word searches seeking to eliminate privileged and/or irrelevant information.
Indeed, the court stipulated that Eir is the party best placed to suggest such terms, given that its data will be searched. (Moreover, the court noted that Eir’s actions had delayed ComReg’s investigation by several months.)
Broader consequences
Twomey J’s findings have important practical implications for the aftermath of dawn raids and will inform the conduct of, and engagement between, regulators and regulated entities.
The starting point is that the regulator should conduct the search to remove irrelevant and privileged information from any data seized. However, given a regulated entity’s familiarity with and access to the original material, the courts would expect them to contribute meaningfully to that process.
The approach taken to the searching of the seized data in this case appears to have involved only the use of keyword searches to eliminate legally privileged and/or irrelevant documentation.
This highlights the need for businesses to adopt a structured plan for data storage/management. This would include labelling or separating potentially privileged material when generated/ received, thus easing the task of identifying and segregating such documentation when required.
This decision constitutes a useful addition to the Supreme Court’s findings in CRH plc & Ors v the CCPC ([2017] IESC 34).
Following the court’s criticisms of its seizure, during a dawn raid, of the entire email account of a senior CRH executive without adequate protection for both privacy rights and legal professional privilege, the CCPC, last year, adopted a protocol establishing safeguards for material that may be the subject to either category of claim during a dawn raid.
The 2023 protocol contains five principles to be followed by the CCPC: legality, proportionality, necessity, fairness, and transparency.
While the CCPC is primarily subject to a single legislative framework (the Competition Act), and ComReg operates under both this (in terms of electronic communications and services) and also the Communications Regulation Act, the approach of the latter to its investigation of Eir aligns with the 2023 protocol.
That said, this latter text does not address how the CCPC would deal with potentially irrelevant information. Accordingly, the High Court’s judgment contains very useful complementary lessons for future investigations, whether under EU/Irish competition rules or under the acts.
Cormac Little SC is a partner in William Fry LLP and is head of its competition and regulation team.