Abhishek Nidasanametla
When the Knock Comes: What India’s Competition Regime Isn’t Ready For
In recent years, competition authorities abroad have started to treat ‘obstruction’ during dawn raids (“raid”) as a standalone infringement. Very recently, in Finland, the Market Court upheld a fine of EUR 1.5 million against Attendo Suomi after an employee deleted WhatsApp messages and a call log during such a raid; the Finnish Competition Authorities treated the act as an account of ‘obstruction’. In Spain, the National Competition Commission fined Transmediterránea for obstructing a surprise inspection where it found that the CEO was out of the office, allegedly attending a conference and not answering his cell phone. In June 2024, the European Commission fined International Flavors & Fragrances (IFF) €15.9 million after a senior employee deleted a competitor’s WhatsApp messages during a dawn raid at the company’s premises, treating it as obstruction.
In foreign jurisdictions, obstruction during dawn raids has attracted considerable attention, and what counts as “obstruction” has been interpreted with striking breadth. Yet the position in India remains undeveloped. This gap is significant given that it creates uncertainty about compliance during dawn raids, particularly in the context of ephemeral communications and BYOD culture.
This article, therefore, examines how India could fill the regulatory vacuum. First, it maps the definitional and procedural gaps. It then analyses two pressing problem areas – ephemeral data and personal data privacy in BYOD contexts, and then it uses select best foreign practices to help craft India specific solutions. It is the contention that Indian regulatory design must ultimately emerge from its own constitutional and institutional context. For India, the Brussels Effect should end here.
The Missing Rule Book: India’s Grey Zone of Dawn Raids
One of the first challenges is that ‘Obstruction’ as such is undefined in the Competition Act (“Act”). Case law, too, is silent. At best, one might try to stitch together a definition from a reading of Section 43 and Section 45(c) under Chapter 6 of the Act, which outlines the penalties for non-compliance with the directions of the Director General (“DG”) and the Competition Commission of India (“CCI”) (“Commission”). Yet such an endeavour is problematic because while these provisions may appear to furnish a definition of ‘obstruction’ as noncompliance, (that too, not in the context of raids), they still fall short of actually providing a substantive definition.
This gap becomes starker when read in conjunction with Section 36(1). It delineates that the Commission has power to regulate its own procedure, and while there exist procedural codes in general such as the CCI general Regulations, 2009, there exists no comprehensive procedural code specifically for governing dawn raids to fall back on, which leaves it up to ad-hoc discretion of the DG and the Commission to determine what may constitute ‘obstruction’.
Since the idea of obstruction necessarily stems from procedural contravention rather than some theory of harm, a developed procedural code is necessary.
When we look at more mature jurisdictions abroad for examples to emulate, we encounter some problems. For instance, the Spanish Competition Law defines obstruction as a standalone infringement of a minor nature (infracción leve) which shows a willingness to reify a procedural lapse to the level of a standalone harm in itself. However, such an idea rests on an implicit notion that a developed body of jurisprudence exists- a condition not yet met in the Indian competition regime.
The twin fault lines
Roughly, two important issues have emerged from the foreign jurisdictions: 1. Ephemeral Data, specifically ephemeral communication, and 2. Data Privacy, specifically personal data privacy in BYOD context, both of which will receive adequate treatment shortly. To the analysis fleshed out in this section, it is the endeavour to suggest the guardrails in the “Closing the gaps: Towards a Coherent Indian Framework” section and keep suggestions hereunder minimal.
- The issue of ephemeral data– Ephemeral communication refers to messages or e-mails that are configured to self-destruct/vanish automatically after a certain period of time. A readily recognisable example is ‘disappearing messages’ on WhatsApp. Recently, in Finland, the Finnish competition authorities, during a raid, counted the deletion of WhatsApp messages as obstruction. The Finnish authorities contended that wilful deletion constituted ‘obstruction’. [For the question of ephemeral communication, unless context otherwise requires, disappear/self-destruct/vanish/automatically deleted are to mean the same thing.
So far as wilful deletion is concerned, per the 2023 Amendment of the Competition Act, Section 41 is expanded to include DG’s expanded powers to issue orders as to preservation of documents, which at least in some sense does broadly cover the same ground as the Finnish Regime. [The emphasis on wilful will be made clear shortly]. However, with the advent of new technologies, new questions have cropped up, which the current regime leaves in a regulatory grey zone. Consider the matter of ephemeral communications. Roughly, two questions of importance come up (without counting permutations): How should it be treated when the ephemeral messages are already automatically deleted any time before or immediately before the dawn raid starts, or when they disappear in the middle of the inspection due to a pre-set expiry date?
For the latter question, the UK’ Competition and Markets Authority (CMA) offers some guidance though not completely: Unlike the Finnish authorities, who have offered no explicit guidance in this regard, the UK’s CMA very clearly mentions it expects companies which are aware or suspect that they will be subject to CA98 investigations to preserve all potentially relevant documents. This includes the suspension of routine or automatic destruction under the Document Retention Policy. Automatic destruction is rarely accepted as a reasonable excuse for not preserving documents (5.13). It is a short jump from that point to consider that the CMA would likely treat destruction of digital data (and communications) in the same manner subject to the same restrictions. Insofar as the prior destruction is concerned, however, arguably no regime offers clear guidance.
- The issue of data privacy in BYOD context– The proliferation of Bring Your Own Device (BYOD) culture, which is currently rising, complicates separation between company data and personal data privacy, and although much has changed after the Justice K.S. Puttaswamy v Union of India judgement, there is still a lot left to be desired in context of Dawn Raids. BYOD refers to the growing practice where employees use their personal devices for official work and communication, and handling such a situation becomes difficult since during a raid, it is likely that the DG confiscates such devices and also due to a lack of clear demarcation between data related to company business and private affairs post-confiscation.
For the Indian competition regime, as seen in the Yashoda Hospital (informant) vs India Bulls Financial Services Ltd (“Yashoda”), we note (Para 71:) “As has been stated above and is a settled position……direct evidence cannot be found unless through dawn raids.” Per Yashoda because direct evidence can only be collected via a dawn raid, and it is trivially true that the nature of data cannot be ascertained before examination, therefore, the possibility of exclusion of certain data from investigation and/or getting seized on the ground that ‘privacy’ or ‘private life’ of an employee might be hampered in-so-doing rests on thin ground.
In this regard the Finnish Competition Authorities procedures show some promise- for example, in an official document circulated, they state that there is respect for privacy so far as ‘not viewing documents and data of an employee, during or after an inspection, without proper authorisation (2.2)’ is concerned. However, there is little clarity as to what happens insofar as the question of the separation of personal data and the company/work data is concerned.
Interestingly, in the UK, the CMA operates a functionally separate ‘filtering team’ (separate from the ‘case team’, which runs the raids and reports finally to the CMA) to screen confiscated electronic material. But it does so for ‘legally privileged content’ (see 7.4 and also 7.6)] which they then either delete or exclude from the other data if practicable and only then is the material forwarded to the case team. Also, Per the CMA, there is little clarity as to whether that benefit is afforded to personal data that may be difficult to separate from company data (or in general).
A table summarizing the analysis of approaches to the twin challenges:
Analysis of Approaches to Ephemeral Data & BYOD in Dawn Raids
| Jurisdiction | Ephemeral Data Approach | BYOD / Privacy Safeguards |
| Finland | Wilful Deletion of WhatsApp messages during a raid treated as obstruction. | Some safeguards for handling personal devices during inspections, including limits on seizure scope etc |
| No clear guidance on treatment of auto-deletion | No clear guardrails on separation of private data | |
| United Kingdom (CMA) | Destruction of documents after notice of investigation to be treated as obstruction | Independent “filter teams” screen seized material for legally privileged material, using agreed keywords refined with the party. |
| No clear guidance on digital data auto-deletion | Some guardrails exist, but they are not afforded to private data of employees. |
Closing the gaps: Towards a Coherent Indian Framework
To tackle the problems fleshed out above, a four-pronged framework is required
Firstly, the law should explicitly define obstruction – and as a standalone contravention at that- which should be restricted to wilful conduct which materially obstructs the evidentiary objectives of the dawn raid, such as intentional deletion. Failing to suspend scheduled auto-deletion protocols should also count as intentional deletion/wilful conduct.
Secondly, the authorities must develop a dedicated code for dawn raids: They must consolidate existing rules, create new ones specifically for dawn raids and enmesh both into a single, transparent code, laying down data retention obligations, privacy protection and clear thresholds for obstruction, building on best practices in jurisdictions such as Finland and the United Kingdom.
Thirdly, retention obligations must be mandated for ephemeral data: The authorities must mandate parties to suspend automatic deletion settings on messaging and collaboration platforms when investigations are foreseen or announced, supported by penalties for failing to do so. A reasonable approach would be to avoid treating every case of deletion as ‘obstruction’ unless there is other evidence that indicates intent otherwise, such as whether backup copies exist, whether deletion occurred immediately after the party received a preservation order, etc.
Fourth, a BYOD-specific safeguard must be developed: They must permit the seizure of personal devices only if a clear link to the alleged conduct is established and mandate an on-site filtering or independent technical review to segregate the relevant material from private data.
From patchwork to precision: The way forward for CCI raids
India’s competition enforcement regime stands at a procedural crossroads. The proliferation of ephemeral data and the rise of BYOD culture have revealed weaknesses which cannot be addressed by general procedural rules alone. Comparative experience shows that clear retention obligations, device-specific safeguards and transparent inspection protocols are not luxuries, but preconditions for credible enforcement by the CCI and for upholding the constitutional safeguards of procedure established by the law and privacy.
The examination of “obstruction” under the Competition Act reveals more than a mere definitional ambiguity; it exposes a structural vulnerability in the enforcement architecture. Comparative practices underscore both the opportunities and the limits of borrowing: The Collective European experiences provide us with interesting starting points. The problem lies in the fact that these models rest on jurisprudential maturity and procedural codification that India does not yet possess. Therefore, we must chart our own territory and look to bespoke solutions.
Abhishek Nidasanametla is a second-year (LL.B) student at ILS Law College, Pune
NUALS Law Journal 