On 12 November 2021, an administrative judge confirmed a sanction of the Superintendence of Industry and Commerce (SIC) on an employee involved in a company dawn raid — Hernando Rodríguez (general manager of Roa Florhuila). The sanction was imposed on Hernando Rodríguez for refusing the forensic review of his personal cell phone during a dawn raid conducted by the Competition Division of the SIC. A dawn raid took place at Flor Huila’s premises, during which employees, including the general manager, were asked for physical and/or digital information of a corporate nature.
The reason for requesting the general manager’s personal cell phone was that he also used this device to manage information and communications related to the company. Hernando Rodríguez refused to provide his cell phone, stating that the SIC was violating his right to privacy and that it had exceeded the limits of its functions and authority.
Although Rodríguez sued and requested the invalidation of the resolution that sanctioned him before the Contentious Administrative Jurisdiction, on 12 November 2021 in a first instance judgment, his claims were denied.
Recommended actions and key takeaways
- In exercising its functions of inspection, surveillance and control with respect to the protection of free competition, the SIC may order and conduct dawn raids. The SIC may request from any individual or legal entity (public or private) physical or electronic documents and information that it considers necessary to fulfill its functions under the terms established by law.
- Any request for information conducted during a dawn raid must have a legal basis, and it should be limited to what is strictly necessary.
- According to Law 1340 of 2009, sanctions may be imposed by fines of up to 100,000 monthly minimum wages (COP 90,852,600.000/USD 23,000) or 150% of the profit derived from the anti-competitive behavior (whichever amount is higher) for legal entities, or fines of up to 2,000 monthly legal minimum wages (COP 1,817,052.000/USD 468,325 at current exchange rates) for individuals. Sanctions may be levied, after the due process of requesting explanations from the investigated party, when the orders and instructions issued by the SIC are not duly complied with and the actions conducted by the SIC are obstructed.
- The collection of evidence conducted by the SIC should comply with the requirements set forth in Law 527 of 1999, which regulates access to and the use of data messages, to preserve the integrity of the data, including the origin, chain of custody and the manner in which the data was collected, preserved and processed (in its original form) to appropriately treat the information.
- Failure to comply with the instructions given by the SIC or obstructing the proceedings constitutes a violation of free competition, which is subject to the same sanctions.
- The statutory law on the protection of personal data establishes that the authorization of the owner of the data is not necessary for the purposes of its treatment when the information is required by a public or administrative entity in exercising its legal functions (Article 10 of Law 1581 of 2012).
- It is recommended to use devices aimed at corporate purposes exclusively for corporate matters and to inform the authority, if requested, about this clear limit.
In more detail
The sanction on Rodríguez was imposed through Resolution No. 4037 dated 20 February 2019. The Second Administrative Court of the Circuit of Bogota, first section, confirmed the sanction in the judgment of 12 November 2021.
For the decision, the court was concerned with determining whether the SIC had violated the plaintiff’s right to due process and whether it disregarded the right to privacy of the plaintiff, Hernado Rodríguez, by intercepting and recording his personal cell phone; whether this occurred with unjustified reasoning; and if the sanction imposed was actually applicable exclusively to legal entities.
After due analysis, the court determined the following:
- The plaintiff’s due process was not violated because the actions of the SIC were within its legal powers and were carried out in exercising its inspection, surveillance and control functions.
- Hernando Rodríguez’s right to privacy was not disregarded because he was using his personal cell phone for corporate use, and the digital information requested was information required by a public or administrative entity in exercising its legal functions.
- The SIC did not act with unjustified reasoning when issuing the resolution in which Rodríguez was sanctioned, as it was determined that he indeed failed to comply with the instructions given by the SIC and, thus, obstructed the administrative action that was being carried out.
- Finally, after a jurisprudential analysis, the following points were determined: (i) the sanctions established in Law 1340 of 2009 may be imposed on individuals as well as legal entities when the act occurs in the (prohibited) conduct described in Articles 25 and 26 of said law; (ii) legal entities act through individuals and, hence, the conduct (established in the law) applicable for legal entities is relevant to individuals, as “they (the individuals) are the ones that make ‘carrying out the conduct’ possible”; and (iii) the law does not exclusively establish that only legal entities are considered in the application and enforcement of the law; therefore, the sanction imposed on Hernado Rodríguez was in fact applicable.
Click here to access the Spanish Version.