Protection of personal data in the context of oral hearings in competition law cases before the European Commission.
- 29 JUNE 2021
1. Overview
Oral hearings in antitrust and merger control proceedings before the European Commission involve the processing of personal data (information relating to identified or identifiable individuals).
The individuals whose personal data are processed in this context have rights (such as the right to rectification) under Regulation (EU) 2018/1725(1).
Before identifying the relevant data protection rights and providing the contact details of the data controller and the data protection officer, this privacy statement describes the:
- different types of processing involved;
- purposes and legal basis of this processing;
- types of personal data processed;
- categories of individuals concerned;
- categories of recipients of the personal data concerned;
- applicable data retention periods; and the
- safeguards that apply to the storage and use of the personal data.
(1) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39.
2. Why and how personal data is processed for oral hearings
Oral hearings allow parties to which the Commission has addressed objections in the context of antitrust or merger control proceedings to develop the arguments that they have made in writing in response to those objections.
The Hearing Officer for competition proceedings is responsible for organising and conducting these oral hearings(2). This is a task carried out in the public interest and in the exercise of official authority (within the meaning of Article 5(1)(a) of Regulation (EU) 2018/1725). It requires the collection and use of certain types of personal data, as described below. It does not involve automated decision-making.
2.1 (Draft) lists of participants
The entities that take part in oral hearings (‘Participating Entities’) are:
- the addressee(s) of the Commission’s ‘statement of objections’
- any invited third parties (such as complainants);
- relevant authorities of the EU Member States;
- relevant teams within the European Commission; and
- in cases concerning the Agreement on the European Economic Area (EEA), the EFTA Surveillance Authority (and possibly relevant authorities of Iceland, Liechtenstein and/or Norway).
The Hearing Officer draws up a list of individuals planning to attend the hearing. Before the hearing takes place, the Hearing Officer emails this list to the Participating Entities. At the hearing, the Hearing Officer distributes paper copies of the latest version. The list of individuals who actually attend the hearing is finalised after the hearing.
2.2 (Draft) hearing agendas
Before the hearing, the Hearing Officer draws up an agenda and distributes this (sometimes in draft form) to the Participating Entities (see point 2.1). The agenda typically mentions those individuals who plan to make presentations.
2.3 Security clearance for access to the hearing venue
Individuals other than Commission personnel must present certain personal data in order to access Commission buildings. To facilitate access to the hearing venue, the Hearing Officer obtains in advance, on behalf of the Commission team responsible for security and access to buildings, certain personal data concerning such individuals.
When inviting Participating Entities other than the relevant Commission teams to the hearing, the Hearing Officer encloses a spreadsheet document known as a ‘visitors template’. This document is drawn up by the ‘Technical Security Unit’ (unit DS.2) within the European Commission Directorate-General for Human Resources and Security (the ‘Technical Security Unit’). It requires the disclosure to the Technical Security Unit of certain personal data concerning individuals planning to seek access to Commission buildings such as the hearing venue.
On receipt of a completed (or amended) visitors template, the Hearing Officer transfers this to the Technical Security Unit, which is the data controller in respect of personal data obtained by means of the visitors template.
2.4 Audio and/or video recordings of the hearing
The audio and/or video recording of the oral hearing becomes part of the Commission file in the case concerned. After the oral hearing, the Hearing Officer makes available (relevant portions) of this recording to the entities that have participated in the hearing.
(2) Articles 10 and 11 of Decision 2011/695/EU of the President of the European Commission of 13 October 2011 on the function and terms of reference of the hearing officer in certain competition proceedings, OJ L 275, 20.10.2011, p. 29.
3. Types of personal data concerned
3.1 Names, titles and details of occupation
Individuals’ names, titles and details of occupation are included in the (draft) list of participants and (draft) agendas. Names and entities represented also feature in the audio and/or video recording of an oral hearing.
3.2 Voice and/or video recordings
Individuals’ voices are part of the audio and/or video recording of the oral hearing.
3.3 Personal data required for access to the hearing venue
Completing the ‘visitors template’ (see point 2.3) requires the following information in respect of each prospective visitor to a Commission building:
- surname, first name and title;
- date of birth;
- nationality;
- number and date of end of validity of passport or national identity card;
- entity represented;
- job title or equivalent; and, optionally,
- email address.
Failure to provide the obligatory personal data sought by the visitors template may result in the individual being refused admission to the hearing venue.
4. Recipients
Each of the Participating Entities has access to or receives the (draft) agenda and list of participants.
On request, each of the Participating Entities receives a copy of the audio and/or video recording of those parts of the hearing in which the entity concerned was entitled to participate.
The Hearing Officer receives completed ‘visitors template’ documents on behalf of the Technical Security Unit (see point 2.3). The Hearing Officer transfers these completed documents to this unit, which is the final recipient of the personal data contained in these documents.
5. Retention periods
5.1 Personal data on the case file
Agendas and lists of participants distributed for the purposes of oral hearings form part of the Hearing Officer’s file in the proceedings concerned. To the extent that the European Commission Directorate-General for Competition has received such documents, they are also part of the Commission’s file in the proceedings concerned. The audio and/or video recording of an oral hearing is part both of the Hearing Officer’s file and of the Commission’s file in relation to the proceedings concerned.
These files remain open until the proceedings concerned have definitively come to an end. After closure, these files are in principle kept for an ‘administrative retention period’ of two years before being transferred in electronic form (in their entirety or as a sample or selection) to the Commission’s historical archives (3).
5.2 Personal data transferred to the Technical Security Unit
The Hearing Officer retains copies of completed visitors templates that are received on behalf of the Technical Security Unit (see point 2.3) for a maximum of one month after the date of the oral hearing.
The Technical Security Unit retains personal data contained in completed ‘visitors templates’ for six months after the date of the hearing (for details see the data protection record related to the Commission Physical Access Control System (PACS)).
(3) See Common Commission-level retention list for European Commission files – second revision, SEC(2019)900, dated 15 April 2019, and in particular sections 10.2 and 10.3 of Annex 1.
6. Safeguards
6.1 General
The oral hearing is not public. Any information, including personal data, produced for or imparted during an oral hearing is received by a closed category of recipients. These recipients can use such information only for the purposes of the relevant Commission proceedings or related litigation.
The personnel of the Commission and the relevant national authorities in antitrust and merger control proceedings before the Commission are under an obligation of professional secrecy. They must handle personal data with due care.
Commission personnel are permitted to access files in antitrust and merger control proceedings only if they have a legitimate need for such access.
The Commission stores electronic data securely, in accordance with Commission Decision (EU, Euratom) 2017/46(4).
6.2 Personal data transferred to the Technical Security Unit
When issuing invitations to the oral hearing, the Hearing Officer requests the entities concerned to return completed ‘visitor template’ documents by separate message to a single email address. This facilitates deletion of copies of such documents by the Hearing Officer after they have been transferred to the Technical Security Unit.
For details of the safeguards applied by the Technical Security Unit, see the data protection record related to the Commission Physical Access Control System (PACS).
(4) Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission, OJ L 6, 11.1.2017, p. 40, corrigendum OJ L 261, 11.10.2017, p. 31.
7. Rights of data subjects
Regulation (EU) 2018/1725 grants individuals whose personal data are processed in the context of oral hearings in principle(5) the rights, in particular, of:
- access to their personal data (Article 17); and
- rectification of these data where they are inaccurate (Article 18).
Under certain circumstances, such individuals have the rights to:
- erasure by the data controller of their personal data (Article 19); or
- restriction of processing of these data (Article 20).
These individuals also have the right to object at any time, on grounds relating to their own particular situations, to the processing, in the context of oral hearings, of personal data concerning them (Article 23).
(5) Outside the context of the organisation of the oral hearing, individuals whose personal data are processed in the context of Commission investigations or proceedings in the field of competition may have more limited data protection rights. See in particular Commission Decision (EU) 2018/1927 of 5 December 2018 laying down internal rules concerning the processing of personal data by the European Commission in the field of competition in relation to the provision of information to data subjects and the restriction of certain rights, OJ L 313, 10.12.2018, p. 39.
8. Comments, queries, requests and complaints
Comments, queries, requests and complaints concerning the processing of data in the context of oral hearings can be addressed to the Hearing Officer, at the email address indicated below. Where the processing of data obtained by the Technical Security Unit by means of the visitors template is concerned, the Hearing Officer may transfer the relevant comment, query, request or complaint to that unit (see above).
Particularly if they are dissatisfied with the response(s) of the Hearing Officer (or, as the case may be, of the Technical Security Unit), individuals can also contact the Data Protection Officer of the European Commission.
8.1 Contact details
- Data controller - Hearing Officer for competition proceedings - hearing [dot] officerec [dot] europa [dot] eu (hearing[dot]officer[at]ec[dot]europa[dot]eu)
- Data protection officer - Data Protection Officer of the European Commission - data-protection-officerec [dot] europa [dot] eu (data-protection-officer[at]ec[dot]europa[dot]eu)
8.2 Complaints to the European Data Protection Supervisor
Individuals have the right, if matters cannot be resolved to their satisfaction with the Hearing Officer or with the Data Protection Officer of the European Commission, to lodge a complaint with the European Data Protection Supervisor. Details are available here.