Contributed By Nysingh Advocaten-Notarissen N.V
The ACM is allowed to execute its investigative powers only to the extent that is reasonably relevant for the completion of the task at hand, ie, to examine data that reasonably falls within the scope of the investigation.
However, the ACM is not entitled to examine communication falling under attorney-client privilege.
ACM officials are entitled to seize documents or data carriers like laptops or mobile phones only if it is not possible to make copies at the companies’ premises, and only for the time needed to make those copies. Written proof of the seizure shall be provided.
In practice, an inspection focuses on digital data (see 2.9 Enforcement Agency’s Procedure for Obtaining Evidence/Testimony, below). To this end, the ACM published its inspection procedure regarding digital data in 2014. Once data have been secured, the enforcement official hands an overview of the data in the secure data set to the individual involved, including the relevant hash values. The purpose of calculating a hash value is safeguarding a file’s integrity. Any change to a file will result in a different hash value.
No later than the moment of making them available for perusal, the ACM official hands to the individual involved an overview of the data set that, given their nature and/or contents, may reasonably fall within the objective and subject of the investigation (the within-scope data set), and of the manner in which the within-scope data set was realised. According to the 2014 ACM Procedure for the inspection of digital data policy rules, the search queries that have been used are provided immediately to the individual involved after a data search has been conducted, and the individual involved also receives the reasons for using the search queries at the moment of granting the inspection. It could be suggested that providing the search queries after a data search has been conducted is not in accordance with the law, since it gives the ACM the authority to require inspection of business information and documents, which implies that the ACM should ask for the documents it wants to inspect.
An enforcement official may see reasons to demand inspection of the data under Article 5:17 of the General Administrative Law Act without having inspected it at the time the data were demanded and secured. If the enforcement official inspects the demanded and secured data in order to assess whether it is within scope, and the individual involved indicates that some of the data concerns privileged correspondence, the enforcement official will give the individual involved the opportunity to be present at the offices of the ACM when such data is inspected.