Dirk VAN ERPS - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Dirk VAN ERPS

Description:

... Nexans/Prysmian challenge: General Court: measure implementing inspection decision; not separable act Personal Data: we process in compliance with Reg. 45/2001 ... – PowerPoint PPT presentation

Number of Views:105
Avg rating:3.0/5.0
Slides: 18
Provided by: aedc9
Category:
Tags: erps | van | dirk | nexans

less

Transcript and Presenter's Notes

Title: Dirk VAN ERPS


1
Gathering digital evidence by the EU Commission
in inspections
  • Dirk VAN ERPS
  • Head of Unit Cartels II
  • Forensic IT Project Manager
  • Madrid, 5 July 2013

2
Digital Evidence Gathering Powers
  • Reg. 1/2003, Art. 20, 2
  • "The officials are empowered
  • (b) to examine the books and other records
    related to the business irrespective of the
    medium on which they are stored
  • (c) to take or obtain in any form copies of or
    extracts from such books or records"

3
Digital Evidence Gathering Powers
  • Means
  • We can look at electronic documents
  • We can make electronic copies of (electronic or
    paper) documents
  • (see point 9 of Explanatory Note)

4
Digital Evidence Gathering Powers
  • DG Comp has started in April 2013 to take
    systematically electronic copies of electronic
    documents
  • DG Comp is planning to make electronic copies
    (scans) of paper documents one test in June 2013

5
The revised Explanatory Note
  • What for
  • - provide transparency to company, kind of FAQ
  • - handed over to company representative at start
    of inspection
  • - available on internet
  • For information only and without prejudice to
    formal interpretation of powers of investigation

6
Clarifications in 18 March 2013 version
  • - provides examples on company's IT environment
    and storage media that can be searched "laptops,
    desktops, tablets, mobile phones, CD-Roms, DVDs,
    USB-key and so on" (point 10)
  • - reference to 'obligation to cooperate fully and
    actively with the inspection' (point 11)
  • - more examples stemming from this
    -"explaining organisation and IT environment"

7
Clarifications in 18 March 2013 version
  • "temporarily disconnecting running computers from
    network, removing and re-installing hard drives
    from computers and providing 'administrator
    access rights'-support"
  • Possibility to use company hardware (that is not
    wiped at the end by Commission) (pt 11)
  • Inspectors can keep storage media until end of
    inspection but may return earlier after having
    made forensic copy of data (pt 12)

8
Clarifications in 18 March 2013 version
  • Commission cleanses all Commission data carriers
    used to transfer data at end of inspection (pt
    13)
  • Revised Note to coincide with introduction of new
    workflow

9
Previous Workflow
IT Inspector
Company ComputerNo Dedicated Search Tools
DG COMP FIT LaptopForensic Software
FIT Inspector
10
New Workflow
IT Inspector
Nuix Operator
FIT Inspector
Nuix Reviewers
11
Digital review method has not changed
  • Possible relevant documents are 'collected' (no
    systematic 'imaging' of entire content, but still
    forensic copy from laptops/desktops)
  • Possible relevant documents are indexed
  • Possible relevant documents are reviewed, now on
    a 'platform' basis
  • Commission official decides whether document is
    relevant
  • Company receives list and copy of relevant
    documents

12
Digital review method has not changed
  • In principle, review is done on the spot, on the
    basis of the content of the individual document,
    by a Commission official (in the presence of
    company representative)
  • Sealed envelope (or 'continued inspection')
    procedure remains exceptional
  • Less than 10 of cases
  • Often on request of company (as 'Nuix' was not
    available on site)

13
We are not obliged to
  • Define the relevance of a document on the basis
    of a Commission pair of eyes looking at the
    individual document (but we do)
  • Describe our interpretation of our rights (but we
    do transparency via Inspection Explanatory
    Note)
  • Describe our workflow and our tools (but we do
    article and presentation as this one)
  • Cleanse/Sanitise/Wipe our tools at the end of the
    inspection (but we do)

14
Legal issues
  • Location of server irrelevant what is available
    to company staff is available to Commission
    official
  • LPP can be excluded from 'search data' and
    reviewed separately between Team leader and
    company representative
  • Keywords are not provided as they are only
    'intelligence' helping to define possible
    individual relevant documents (that are provided)
  • Chain of custody company signs 'document list'
    that identifies individual documents by path file
    and name and Hash Value for entire collection

15
Legal issues
  • 'Continued inspection' or 'sealed envelope'
    procedure Nexans/Prysmian challenge General
    Court measure implementing inspection decision
    not separable act
  • Personal Data we process in compliance with Reg.
    45/2001 applicable to Commission, but no
    hindrance to obtain the data
  • No procedural harmonisation within ECN but
    exchange of practices and experience in ECN
    Forensic IT Working Group

16
DEMO
  • Presentation of the Demo CD that is provided to
    inspected company at start of inspection to
    explain procedure

17
The End
  • Thank you
  • Any further questions?
  • Dirk.Van-Erps_at_ec.europa.eu
  • The views expressed are personal and do not
    commit the Commission
Write a Comment
User Comments (0)
About PowerShow.com