Provisional text
OPINION OF ADVOCATE GENERAL
MEDINA
delivered on 23 October 2025 (1)
Joined Cases C‑258/23 to C‑260/23
IMI – Imagens Médicas Integradas SA (C‑258/23)
Synlabhealth II S.A. (C‑259/23)
SIBS-Sociedade Gestora de Participações Sociais SA,
SIBS, Cartões – Produção e Processamento de Cartões SA,
SIBS Processos – Serviços Interbancários de Processamento SA,
SIBS International SA,
SIBS Pagamentos SA,
SIBS Gest SA,
SIBS Forward Payment Solutions SA,
SIBS MB SA (C‑260/23)
v
Autoridade da Concorrência
(Request for a preliminary ruling from the Tribunal da Concorrência, Regulação e Supervisão (Competition, Regulation and Supervision Court, Portugal))
( Reference for a preliminary ruling – Infringement of the rules on competition – Seizure of business records – Order issued by the Public Prosecutor’s office – Charter of Fundamental Rights of the European Union – Article 8 – Infringement of the right to respect for personal data – Prior judicial authorisation )
Introduction
1. In my Opinion delivered on 20 June 2024 in the present Joined Cases,(2) I proposed that the (former) Fourth Chamber of the Court interpret Article 7 of the Charter of Fundamental Rights of the European Union (3) as not precluding legislation of a Member State pursuant to which, in the course of an investigation into an infringement of Article 101 or 102 TFEU, the national competition authority seized emails whose content relates to the subject matter of the inspection without having prior judicial authorisation. However, that consideration is subject to the condition that a strict legal framework for that authority’s powers has been laid down together with adequate and effective safeguards against abuse and arbitrariness. Such safeguards must, in particular, take the form of an ex post facto judicial review of the measures at issue. (4)
2. Following the judgment in Landeck, (5) the Court decided, at the request of the (former) Fourth Chamber and pursuant to Article 60(3) of the Rules of Procedure of the Court of Justice, to refer the present cases to the Grand Chamber. In that judgment, the Court held, in particular, that Article 4(1)(c) of Directive (EU) 2016/680, (6) read in the light of Articles 7 and 8 and Article 52(1) of the Charter, does not preclude national legal rules which afford the competent authorities the possibility to access personal data contained in a mobile telephone for the purposes of the prevention, investigation, detection and prosecution of criminal offences. However, the Court held that the exercise of that possibility must be subject, among other conditions, to prior review by a court or an independent administrative body, except in duly justified cases of urgency. (7)
3. In this supplementary Opinion, the Court is asking me to examine whether the guidance provided in the judgment in Landeck should be taken into account in answering the referring court in the present cases, in particular as regards its third question referred for a preliminary ruling. The Court considers it necessary to determine whether the requirement of prior review by a court or an independent administrative body may be transposed to competition law investigations for the purpose of identifying infringements of Article 101 or 102 TFEU, in particular where the emails which are seized by the national competition authority, and the records arising from those emails, contain personal data.
4. Therefore, the present Opinion incorporates the reasoning set out in my first Opinion in accordance with the Court’s new request. For a detailed account of the legal context, the background to the dispute and the proceedings in the main action and before the Court, I would refer to points 3 to 19 of my first Opinion. That account must merely be supplemented by the indication that, on 3 June 2025, following the reopening of the oral part of the procedure, the Grand Chamber of the Court held a hearing. The parties to the main proceedings, the Portuguese, Greek, Finnish and Swedish Governments, the European Commission and the EFTA Surveillance Authority participated.
Assessment
5. To recall, by the third question referred for a preliminary ruling in the present cases, the referring court wishes to ascertain, in essence, whether Article 7 of the Charter precludes the seizure, without prior authorisation by a judicial authority, of emails between managers and employees of an undertaking, and of business records arising from those emails, as part of an investigation into agreements and practices prohibited by Article 101 and 102 TFEU. (8) More specifically, the referring court asks whether such seizure can be authorised by a body such as the Portuguese Public Prosecutor’s Office which, according to that court, is responsible for representing the State, defending the interests determined by law and bringing criminal prosecutions on the basis of the principle of legality. (9)
6. It should be stated at the outset that, according to the wording of its question, the referring court confines itself to asking the Court about the interpretation of Article 7 of the Charter in the context of seizures, ordinarily carried out by national competition authorities, of business emails exchanged between the managers and employees of the undertakings being investigated. However, in so far as those seizures are capable of concerning not only communications covered by Article 7 of the Charter, (10) but also and inherently, personal data protected by Article 8 of the Charter, it is also appropriate to examine that question from the perspective of the latter provision in order to provide the referring court with an answer which will be of use to it. (11)
7. In that regard, it should be noted that Article 8 of the Charter proclaims, in paragraph 1, the right to the protection of personal data. That article also requires, in paragraph 2, that those data be processed in compliance with certain conditions, which ensures the lawfulness of the processing. (12) Even though different in nature, (13) the right to the protection of personal data is closely related to the right to respect for private and family life guaranteed in Article 7 of the Charter, which it supplements. (14)
8. Moreover, the right to the protection of personal data precludes information in relation to identified or identifiable natural persons from being collected by third parties or third parties from having access to it, whether that be public authorities or the general public, unless that collection or access takes place in the context of processing of that information meeting the requirements laid down in Article 8(2) of the Charter. (15) Apart from in that situation, the collection of personal data and access to it, which constitute the processing of such data, (16) must therefore be regarded as limiting the right guaranteed in Article 8(1) of the Charter. (17)
9. In the present case, as regards the emails exchanged between the managers and employees of an undertaking and the business records arising from them, it is clear that, in so far as those emails and records may also contain personal data within the meaning of Article 4(1) of the General Data Protection Regulation, (18) the seizure carried out by a national competition authority in the course of an investigation constitutes a limitation on the exercise of the right guaranteed in Article 8 of the Charter.
10. However, it follows from settled case-law that the fundamental right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced against other fundamental rights. (19) Limitations may therefore be imposed on such a right, so long as, in accordance with Article 52(1) of the Charter, they are provided for by law, respect the essence of the fundamental right and observe the principle of proportionality. (20)
11. In the first place, as regards the requirement that any limitation on the exercise of a fundamental right must be provided for by law, that requirement means that the legal basis authorising such a limitation must define the scope of that limitation sufficiently clearly and precisely. (21)
12. In that regard, it should be noted that the General Data Protection Regulation, which is applicable to national competition authorities in the context of the investigations conducted by them, (22) provides, inter alia, in Article 6(1)(e), that data processing is lawful if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. According to the case-law of the Court, that provision, read in conjunction with Article 6(3) of that regulation, (23) requires there to be a legal basis, which serves as a basis for the processing of personal data by the relevant controllers acting in the performance of a task carried out in the exercise of official authority. (24)
13. In the present case, it is for the referring court to examine those specific points. However, first, it is clear that the processing of personal data in the course of an investigation carried out by a national competition authority falls within the exercise of official authority. (25) Second, as I established in my first Opinion, (26) the measures at issue in the main proceedings are based on articles of Lei No 19/2012 (novo regime jurídico da concorrência) (Law No 19/2012 approving the new legal framework governing competition), of 8 May 2012, which allow the seizure of business records for the purposes of obtaining evidence of anticompetitive conduct.
14. It follows that, in so far as the seizure of emails by the national competition authority involved in the cases in the main proceedings constitutes a limitation on the right guaranteed in Article 8 of the Charter, that limitation has a legal basis in accordance with the first requirement laid down in Article 52(1) of the Charter.
15. In the second place, as regards the requirement to respect the essential content of the right to the protection of personal data, the academic literature underlines the difficulty of identifying the hard core of that right. (27) A further difficulty is that of establishing a clear line of separation between, on the one hand, the right to respect for private and family life laid down in Article 7 of the Charter and, on the other hand, the right to the protection of personal data laid down in Article 8 of the Charter. (28)
16. In any event, I note that, in its case-law, the Court tends to consider that only unlimited collection of or generalised access to, by public authorities, data contained in emails, without any specific safeguards being provided against unlawful processing in order to protect such data, can affect the essence of the fundamental right to the protection of personal data. (29)
17. In the present case, subject to the findings which must be made by the referring court, it should be noted that the seizure of the business correspondence of the managers and employees of an undertaking which is the subject of an investigation does not generally entail the unlimited collection of personal data or generalised access to those data. As I stated in my first Opinion, (30) the seizure of such correspondence is limited by the subject matter of the investigation, as defined in the inspection decision, from which it follows that the collection of data contained in it is restricted to data linked to the anticompetitive practices being investigated. Moreover, the personal data collected cannot be used for purposes other than those of identifying the anticompetitive conduct which is the subject of the investigation. Lastly, as I will explain later in the present Opinion, (31) the seizure of business correspondence by a national competition authority is generally restricted by additional procedural safeguards intended to ensure, inter alia, the security, integrity and confidentiality of those data.
18. It follows that, since the seizure of the emails concerned in the main proceedings did not result in the widespread collection of personal data, according to the case-law of the Court, that seizure cannot be regarded as being capable of undermining the essential content of Article 8 of the Charter.
19. In the third place, as regards the principle of proportionality, it should be borne in mind that, according to the settled case-law of the Court, limitations on the right to the protection of personal data may be imposed only if they are necessary and genuinely meet objectives of general interest recognised by the European Union or the need to protect the rights and freedoms of others. Furthermore, such limitations must apply only in so far as is strictly necessary and the legislation authorising the interference must lay down clear and precise rules governing the scope and application of the measure in question. (32)
20. First, as stated in my first Opinion, (33) seizures carried out by national competition authorities when, in accordance with Article 3(1) and Article 5 of Regulation (EC) No 1/2003, (34) they apply Article 101 and 102 TFEU, serve the purpose of uncovering practices contrary to those provisions, which are a matter of public policy. They prohibit, respectively, cartels and abuse of a dominant position and pursue the objective, undoubtedly of general interest, of ensuring that competition is not distorted in the internal market. That wording, which follows from the case-law of the Court on Article 7 of the Charter, (35) remains fully applicable with regard to Article 8 thereof.
21. Second, for the purpose of pursuing the objective of identifying anticompetitive practices in the internal market, no equally effective means which is less restrictive of the right to the protection of personal data (36) appears to me to be available as an alternative to the seizure of the emails exchanged between the managers and employees of an undertaking via its internal messaging system. Those emails are one of the main sources available to competition authorities for the purpose of uncovering the existence of anticompetitive conduct in the internal market. Article 20(2) of Regulation No 1/2003 itself allows, as a Commission power in inspections, the possibility of carrying out such seizures, (37) a possibility which has also been afforded, by the EU legislature, to national competition authorities since the adoption of Directive (EU) 2019/1, (38) in particular by Article 6(1)(c) thereof. Therefore, seizures of business emails and the collection of personal data contained in them must be regarded as being necessary for the purpose of pursuing the objective of general interest of protecting competition in the internal market.
22. Third, as regards the proportionality of the limitation resulting from the seizure of emails exchanged between managers and employees of undertakings, in particular in respect of the fundamental right guaranteed in Article 8 of the Charter, the Court has held that the proportionate nature of the limitation must be assessed in the context in which that limitation takes place, balancing all the relevant factors in the individual case. (39) According to the judgment in Landeck, (40) such factors include the seriousness of the limitation thus placed on the exercise of the fundamental right at issue, the importance of the objective of general interest pursued by that limitation, the link existing between the owner of the documents seized and the offence in question and the relevance of the data in question for the purpose of establishing the facts. (41)
23. As regards the seriousness of the limitation, it must be assessed, in line with the case-law of the Court, according to the nature and sensitivity of the data to which the public authorities may have access. (42) In particular, although access to all such data by public authorities is liable to allow ‘very precise’ conclusions to be drawn concerning the private lives of the persons concerned, such as everyday habits, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them, the interference in the fundamental right protected by Article 8 of the Charter must be considered to be serious, or even particularly serious. (43) That is also the case where it cannot be ruled out that the data in question may include particularly sensitive data, (44) such as data revealing racial or ethnic origin, political opinions and religious or philosophical beliefs. (45)
24. In the present case, it should be noted that, according to the wording of the request for a preliminary ruling, the question asked by the referring court refers to the seizure of business emails exchanged between managers and employees of an undertaking subject to an inspection at its business premises. (46) As already stated in the present Opinion, it is well known – and, therefore, there is no longer any need to support that assertion – that personal data may be found either in those emails or in the business records attached to them.
25. However, in my view, that situation is not comparable to the situation examined by the Court in the judgment in Landeck, which concerned the seizure, by the police, within a private residence, of the personal mobile phone of a natural person suspected of a criminal offence, and ‘full and uncontrolled access’ (47) to all data contained in it. Nor can it be treated like the situations concerned in a large number of decisions by the Court relating, in essence, to access by public authorities to traffic or location data retained in a general and indiscriminate way by providers of electronic communications services. (48)
26. Mobile phones are devices which currently store, in a single space, a vast quantity of personal data. This includes identification data (direct identity, contact details), location data (geolocation, call and messaging logs, navigation), connection and payment data (online identifiers, banking data) and application and usage data, including personal settings. Many of those types of data fall, moreover, within the special categories of personal data referred to in Article 9 of the General Data Protection Regulation, for example, the biometric data of the person concerned, or data concerning that person’s health, life, sexual orientation or racial or ethnic origin. To all such data may be added other highly personal information such as communications or photographs. (49) In view of their number and variety, (50) all those data are capable of providing a detailed and in-depth picture of almost all areas of the data subject’s private life, particularly when taken as a whole, as the Court also held in the judgment in Landeck. (51) That consideration also applies, as I have already stated, to data stored in a general and indiscriminate way in digital servers of providers of electronic services.
27. On the other hand, I consider, as do the Portuguese, Greek, Finnish and Swedish Governments, the EFTA Surveillance Authority and the Commission, that personal data contained in business emails seized during a competition investigation, in particular those exchanged between the managers and employees of an undertaking via its internal messaging system, cannot be the subject of a similar assessment.
28. Neither the emails exchanged between the managers and employees of an undertaking nor the business records arising from them can contain, in principle, data capable of identifying, with the same precision and intensity as a personal mobile phone, the habits of everyday life of the data subjects. In that regard, it should be noted, first, that competition authorities, when carrying out an investigation at the business premises of an undertaking, are not looking for personal data as such, but business information capable of demonstrating anticompetitive conduct by that undertaking. That means that, except where they are commercially relevant and are, therefore, useful in incriminating the undertaking concerned, the data arising from the business emails of the managers and employees of undertakings are collected only in an ancillary manner. (52) Second, it seems to me that, in this type of emails, personal data is more likely to appear sporadically when searching for business information about a company. In this context, competition authorities, acting proactively and outside the scope of the investigation, (53) should establish a system combining or associating those personal data so as to be able to conclude that they allow a detailed picture to be drawn of the data subject, beyond the sphere of his or her profession, (54) which is not, in any case, the purpose of the investigation. (55)
29. Furthermore, even though the emails exchanged between the managers and employees of an undertaking may contain references to meetings attended or trips taken by those persons – in principle, of a business nature – they do not contain location data or navigation traffic data collected for profiling purposes that could be used to actually track their movements. (56) Nor can those emails provide the same level of information as mobile phones or similar personal devices about the private activities of the data subject or his or her relationships and social environments. Once again, in the absence of a system capable of combining or associating all of those data, which would in any case remain outside the scope of the investigation, I do not consider that a thorough and detailed profile of certain personal aspects of the lives of the individuals concerned can be established on the basis of business emails alone.
30. It follows that, in contrast to the Court’s findings in the judgment in Landeck, the collection of data contained in the emails exchanged between managers and employees of an undertaking via its messaging system, and in the business records arising from those emails, does not, in principle, allow ‘very precise’ conclusions to be drawn on the data subject’s private life, within the meaning required by the case-law. The interference in the right to the protection of personal data cannot, therefore, be regarded as being of a high degree of seriousness (57) and still less as being particularly serious, unlike the situation in the case which gave rise to the judgment in Landeck. (58)
31. As regards the other factors which, in accordance with the case-law cited in point 22 of the present Opinion, must be taken into account in assessing the proportionality of a restriction on the exercise of the fundamental right guaranteed in Article 8 of the Charter, it should be noted that the objective of prosecuting anticompetitive practices on a European scale, in accordance with Article 101 and 102 TFEU, is sufficiently important to consider that the interference caused by the collection of personal data contained in business emails, as well as by subsequent access to such data, is not disproportionate. (59) Furthermore, as I have already indicated, such collection and access are, in principle, ancillary to the search for business information intended to incriminate the undertaking under investigation. It follows that, unlike the finding made by the Court in the judgment in Landeck, the collection of and access to personal data concerned by a competition investigation are not, a priori, intended to establish the liability in the field of competition of the natural person who is the holder of those data, but only that of the legal person with which that natural person has an employment relationship. (60)
32. The considerations set out in the preceding points support the view that interference such as that at issue in the main proceedings complies with the principle of proportionality. This is all the more true in the light of the objective pursued by the seizure of emails exchanged between the managers and employees of an undertaking. However, as several parties argued at the hearing, that finding also depends on compliance with certain additional procedural safeguards. (61) Those safeguards are those which, in essence, are in line with the principles laid down in Article 5 of the General Data Protection Regulation and which usually govern seizures carried out by national competition authorities in accordance with the law of each Member State. (62) In the present case, it is naturally for the referring court to verify that this is indeed the case in the main proceedings.
33. Thus, first and in accordance with already well-known principles, any investigation made by national competition authorities must be based on a duly reasoned inspection decision, which must be founded, as stated, moreover, in the judgment in Landeck, (63) on reasonable suspicions of the infringement, by an undertaking, of the competition rules laid down in the Treaty. As I have already stated in the present Opinion, (64) that inspection decision must be sufficiently precise in order to effectively define both the material and temporal scope of the investigation. As regards, in particular, personal data, the inspection decision should ensure that their collection and access to them, even in an ancillary manner in searches for business information, are limited to what is strictly necessary for the subject matter of, and solely dedicated to the purposes of, the investigation. (65) Furthermore, if the investigation uses computer investigation software, which is, moreover, an ordinary day-to-day occurrence, (66) the indexing procedure which precedes the search for business information relevant to the investigation must be conducted using keywords rigorously determined in relation to the pre-defined subject matter of the investigation. All those measures must enable the investigation to be conducted in compliance with the principle of purpose limitation and the principle of data minimisation which govern the processing of such data. (67)
34. Second, in order to meet the requirements of fairness and transparency governing the processing of data, (68) the national competition authority concerned must inform the natural persons concerned of any processing of their personal data and inform them of their rights in an open and consistent manner. Of course, the scope of that information obligation may be restricted where that is necessary to protect the purpose of the investigation, as expressly provided for in Article 23(1) of the General Data Protection Regulation. However, as provided by Decision 2018/1927 with respect to inspections by the Commission, (69) it appears to me that the national competition authority must treat all such restrictions in a transparent manner and record each case of restriction in the relevant register.
35. Third, in accordance with the principle of storage limitation and the principle of integrity and confidentiality, (70) personal data collected must be stored in a secure environment. The aim, in that regard, is to prevent any unlawful access to data by, or transfer of data to, persons unrelated to the investigation and to prevent any alteration of those data. Moreover, personal data must be stored by the authorities responsible for the investigation only for as long as strictly required by it, which must be determined on the basis of objective criteria, (71) in particular during the administrative procedure and throughout the period of any legal proceedings. Furthermore, the collection and, in particular, access to personal data must be restricted to as few accredited persons or inspectors as possible, who must be subject to confidentiality obligations and prohibited from using such data for purposes other than those of the investigation. (72) Lastly, secure deletion of personal data, either because it is irrelevant to the purpose of the investigation or because the acceptable period of retention has expired, must be provided for by means of a general cleansing mechanism that prevents its subsequent recovery.
36. Fourth, and once again in order to ensure transparency in the processing of personal data, it is important that the collection of and access to such data, through the selection of documents relevant to the investigation, be carried out in the presence of representatives of the undertaking. Those representatives must be given the opportunity to review all provisional documents intended to be included in the file and, as a result, be able to ascertain what personal data is contained in those documents. They must also be able to raise objections to the inclusion in the file of documents containing personal data, which are clearly irrelevant to the investigation and also are of a special or sensitive nature, which should lead those responsible for the investigation to offer those data increased protection. (73) Furthermore, in accordance with the already referred to principle of minimisation, personal data contained in documents that are definitively added to the file and are not relevant to the investigation should be anonymised. Lastly, in accordance with the principle of accountability, (74) the data protection officer of the investigating authority must be able to examine independently the application of the limitations on the right to the protection of personal data in order to ensure compliance.
37. The safeguards described in the preceding points, which are additional to the obligations that national competition authorities are required to comply with under the General Data Protection Regulation, are, in particular, such as to prevent full and uncontrolled access to all data of a natural person. That is why, in so far as those safeguards are clearly and precisely defined and they are complied with, the principle of proportionality required as a result of the application of Article 8 of the Charter must be regarded as having been respected in the context of the seizure of emails exchanged between managers and employees of an undertaking and the business records arising from them. That is all the more the case if, as I stated in my first Opinion, (75) account is taken of the fact that, in their case-law, the European Court of Human Rights and the Court of Justice have recognised that interference by public authorities may be more far-reaching where professional or business premises or activities are involved than in other cases. (76)
38. In such a context, I do not consider that the right to the protection of personal data laid down in Article 8 of the Charter requires prior authorisation by a judicial authority in the context of investigations conducted under competition law.
39. As stated in the introduction to the present Opinion, in the judgment in Landeck, the Court held, in essence, that Article 8 of the Charter does not preclude national legal rules which afford the competent authorities the possibility to access data contained in a mobile telephone for the purposes of the prevention, investigation, detection and prosecution of criminal offences in general, provided that those rules make reliance on that possibility, except in duly justified cases of urgency, subject, among other conditions, to prior review by a judge or an independent administrative body. (77) The Court held in that regard that it is essential – in particular in order to ensure that the principle of proportionality is observed in each specific case by balancing all the relevant factors – that, where access to personal data by the competent national authorities carries the risk of serious, or even particularly serious, interference with the fundamental rights of the data subject, that access be subject to a prior review. (78)
40. In that regard, I should state, at the outset, that the requirement of prior judicial authorisation is already provided for in EU law in cases where the national competition authority’s investigation takes place at the homes of the managers or employees of the undertaking concerned, or at private premises belonging to those persons. (79) The purpose of that provision is to protect one of the most sensitive areas of a person’s private life, as was precisely the situation in the case giving rise to the judgment in Landeck, in which the seizure at issue occurred in the residence of the person suspected of having committed a criminal offence.
41. Moreover, it is clear from the case-law that the requirements relating to the protection of a fundamental right provided for by the Charter may be increased, where, in accordance with national legislation, the evidence obtained in an investigation may be used in proceedings against a natural person in order to establish that a criminal offence was committed by that person. (80) It follows, as regards the right to the protection of personal data laid down in Article 8 of the Charter, that the requirement of prior judicial authorisation may be imposed where the personal data contained in the documents seized by a national competition authority are used, not only in order to establish the liability of the undertaking concerned for infringements of the Treaty competition rules, but also in order to establish the criminal liability of a natural person for anticompetitive conduct, if that is provided for in the national law of the Member State.
42. However, apart from cases which concern, inter alia, first, the seizure of emails containing personal data at a person’s private residence and, second, the seizure of such documents in order to incriminate a natural person under criminal law, as in the judgment in Landeck, I do not consider that prior judicial authorisation is required, as such, by Article 8 of the Charter. The same considerations apply here as those which led the European Court of Human Rights and the Court of Justice, in their case-law, to conclude that prior judicial authorisation is not required under Article 7 of the Charter in the case of competition inspections at company premises, as I explained in my first Opinion, (81) to which I would like to refer.
43. In particular, the seizure, by a national competition authority of emails exchanged between the managers and employees of an undertaking does not, in my view, breach the principle of proportionality, subject to the following considerations. First, it must be subject to procedural safeguards, such as those described in the present Opinion, and, second, to an ex post facto judicial review, which may be carried out during the investigation procedure and which is specifically devoted to verifying compliance with those safeguards in the light of Article 8 of the Charter. (82) Recent case-law of the European Court of Human Rights concerning Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms, signed in Rome on 4 November 1950, supports this view, as demonstrated by the judgments of 6 February 2025, Italgomme Pneumatici Srl and Others v. Italy, (83) and of 18 March 2025, BRD – Groupe Société Générale S.A. v. Romania. (84)
44. Furthermore, with regard to the argument that prior judicial authorisation would be more likely to ensure compliance with the principle of proportionality, as the Court held in the judgment in Landeck, it should be noted that a finding by the national court, in the context of an ex post facto review available during the investigation procedure, that the national competition authorities have breached that principle as a result of a failure to comply with procedural safeguards may be capable of calling into question the information gathered during the investigation and, consequently, invalidating the investigation procedure in whole or in part. (85) In view of the risks involved, it seems to me, therefore, that national competition authorities have sufficient incentive to ensure that the principle of proportionality is respected. Added to this, of course, is the obligation to provide the person concerned with appropriate relief in the event of an irregular operation on the part of the national authority concerned. (86)
45. It follows that, as I suggested in my first Opinion as regards Article 7 of the Charter, Article 8 of the Charter should be interpreted as not precluding legislation of a Member State pursuant to which, in the course of an inspection at the premises of an undertaking carried out as part of an investigation into an infringement of Article 101 or 102 TFEU, the national competition authority seizes emails whose content relates to the subject matter of the inspection without prior judicial authorisation, provided that, first, a strict legal framework for that authority’s powers has been laid down together with, as described in the present Opinion, second, adequate and effective safeguards against abuse and arbitrariness, in particular in the form of an ex post facto judicial review of the measures at issue, both during and at the end of the investigation procedure.
46. That said, it should be noted that, as follows from my first Opinion, Directive 2019/1 currently allows Member States to provide for, in their respective legal systems, a prior authorisation mechanism on the part of judicial authorities, which includes a public prosecutor, (87) for the purposes of the exercise of powers of inspection by the national competition authorities. (88) This means that, although, in accordance with the analysis set out in the preceding points, Article 8 of the Charter does not require such prior authorisation, provided that the safeguards described in the present Opinion are respected and that provision is made for a comprehensive ex post facto judicial review, that article does not preclude it either. In that context, the view must be taken that no infringement of that article can be established in respect of Member States which decide to avail themselves of that possibility.
47. Finally, I would like to point out that, although, based on the analysis carried out in this supplementary Opinion, I consider that the lessons of the judgment in Landeck should not be regarded as applicable to competition investigations, in particular with regard to the requirement of prior authorisation, there is no need to rule on the question of whether such authorisation can be provided by a body such as the Portuguese Public Prosecutor’s Office. In any event, if the Court does not share my analysis, it suffices to note that, in its case-law, it has defined the conditions under which a body responsible for verifying the legitimacy of interference with fundamental rights can be considered independent. In particular, the requirement of independence presupposes that the body enjoys a status that allows it to act objectively, impartially, and free from any external influence. (89) In the present case, since the description given by the referring court of the attributes of the Portuguese Public Prosecutor’s Office meets those conditions, I consider that it should be regarded as an independent body competent to grant prior authorisation in the manner required by the judgment in Landeck.
Conclusion
48. In the light of all the foregoing considerations, I propose that the Court answer the third question for a preliminary ruling referred by the Tribunal da Concorrência, Regulação e Supervisão (Competition, Regulation and Supervision Court, Portugal) in each of the Joined Cases C‑258/23 to C‑260/23 as follows:
Articles 7 and 8 of the Charter of Fundamental Rights of the European Union
must be interpreted as not precluding legislation of a Member State pursuant to which, in the course of an inspection at the premises of an undertaking carried out as part of an investigation into an infringement of Article 101 or 102 TFEU, the national competition authority searches for and seizes emails whose content relates to the subject matter of the inspection without having prior judicial authorisation, provided that a strict legal framework for that authority’s powers has been laid down together with adequate and effective safeguards against abuse and arbitrariness, in particular an ex post facto judicial review of the measures at issue, both during and at the end of the investigation procedure.