Strategic risk spotlight on EU-China investigations: How to reconcile EU investigations with Chinese law in light of recent EU General Court order (2024)

Table of Contents
I. Background II. Legal analysis by General Court III. Implications for companies operating in the EU and China IV. Conclusion

In an order dated 12 August 2024, the General Court of the European Union (‘General Court’) dismissed an application for interim measures brought by two EU subsidiaries of a Hong Kong-based security inspection equipment company in response to a request by the European Commission (‘Commission’) to provide the Commission with data stored in China. Although this is only an interim relief order, it can be deduced from the reasons given by the General Court that it may become much more difficult and risky to rely on national laws to prevent the transfer of data to European authorities in the context of investigations. Thus, it is worth taking a closer look at the decision and its implications for future investigations conducted by EU authorities:

I. Background

The starting point of the legal dispute in this case was Regulation (EU) 2022/2560 on foreign subsidies distorting the internal market which establishes a harmonised framework to address distortions caused by foreign subsidies in order to ensure a level playing field. In this context, pursuant to Art. 14 of Regulation (EU) 2022/2560, the Commission may conduct the necessary inspections of undertakings and their associations. The regulation empowers the Commission to enter premises, access business information, examine books and business records, and question employees.

The Commission initiated such an inspection in April 2024 with regard to the two applicants and carried out an inspection at the applicants’ premises in the Netherlands and Poland. In the course of the inspection, the applicants were requested to hand over the data of several email inboxes of their employees, which was refused, among other things, on the grounds that the data was not stored locally but located on servers of the Chinese parent company. The applicants were then requested to place a legal hold on the data concerned and a deadline was set for the data to be handed over to the Commission.

The applicants refused to comply with the Commission requests under Art. 14 and brought an action for interim measures seeking the annulment of the requests.

See Also
Artificial intelligenceOur history | Freshfields Bruckhaus DeringerVoluntary Carbon Credits: A regulatory grey area in the EU? (Part I)

II. Legal analysis by General Court

Although the order is based only on an application for interim measures and does not represent a final, binding judgment in the main proceedings, the General Court’s reasoning for rejecting the arguments of the applicants may allow for general conclusions to be drawn and sheds light on investigative data requests in an EU-China context.

The following two points were at the centre of the applicants’ arguments:

  1. a request by the Commission for data stored in China infringes public international law as the Commission cannot extend its investigative powers to territories or individuals that are not under its EU jurisdiction;
  2. a Commission’s request concerning data stored in China is unlawful in so far as compliance with this request would compel the applicants and the group to which they belong, under the threat of fines and periodic penalty payments, to infringe Chinese law, including criminal law.

The applicants were unable to prevail on either point before the General Court:

  • Public international law: The court reasoned that under public international law, the Commission has jurisdiction and is entitled to conduct investigative inspections if qualified effects of the practice under investigation are established within the EU or if the practice was implemented in the EU. The place of formation of the practice or the place of incorporation of the relevant entity are not decisive; otherwise, companies would have easy ways to evade EU prohibitions. The General Court argues that EU law is applicable if the conduct has foreseeable, immediate and substantial effects in the EU. Consequently, the Commission has investigative powers that extend to data stored on servers located outside the EU (e.g. in China) because possible distortions of the internal market by foreign subsidies have substantial effects. Also, the Commission must be entitled to extend its reach to business operations outside the EU in order to conduct its investigations efficiently and be able to hold non-EU entities liable for unlawfully distorting the internal market.
  • Infringement of Chinese law:The General Court also emphasized that companies operating in the EU are generally subject to EU law and measures taken by the Commission must always be assessed in the light of EU law and not, as asserted by the applicants, Chinese law. However, even when examining Chinese law and evaluating whether infringements of Chinese law influence the assessment of possible violations of EU law, the General Court argues that the applicants have failed to explain how Chinese law could prevent the data requests (given that both applicants are entities established in the EU) and how criminal sanctions apply to the requested information. The mere reference to possibly relevant Chinese regulations was not sufficient for the General Court (reference was made to Articles 31 and 36 of the Data Security Law, Article 41 of the Personal Information Protection Law and Article 28 of the Law on Safeguarding State Secrets). Moreover, the General Court explicitly pointed out that all of the provisions of Chinese law cited in the application could only be infringed if the data were disclosed without prior authorisation from the competent Chinese authorities. In this respect, the General Court specifically noted that the applicants had not claimed to have made any attempt to obtain such authorisation.

III. Implications for companies operating in the EU and China

1. What can companies expect in the future?

The court order sends a strong signal that the EU is willing to enforce requests for information in a strict fashion, even if there are contrary foreign laws. It should come as no surprise that the Commission expands its reach to territories outside the EU as it does not want to provide companies with easy ways to evade its enforcement authority. Companies refusing to comply with data production requests will have to meet a high standard of proof that it is impossible for them to comply with the Commission’s request.

In the present case, the General Court emphasized that the applicants:

  • Did not explain how Chinese law was relevant to them as EU entities;
  • Did not sufficiently explain how Chinese law applies to the requested data;
  • Never attempted to obtain authorisations from Chinese authorities to comply with the data requests; and
  • Did not proactively propose other methods that would allow them to provide the data without infringing Chinese law.

2. How companies can strike a balance between the EU approach and Chinese law

China has enacted a number of laws in recent years that have tightened restrictions on cross-border data transfers, including for example the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. Among others, Article 36 of the Data Security Law contains a broad requirement that data stored in China cannot be provided to foreign courts or law enforcement authorities without the prior approval of the Chinese authorities.

However, Chinese law is not clear as to which Chinese authorities are in charge of granting approval, and no official rules or guidance have been issued on the process for obtaining such approval.

  • In practice, some companies have applied for and successfully obtained approvals from Chinese authorities (primarily, the Chinese Ministry of Justice) before disclosing their data stored in China to foreign courts or law enforcement authorities, but there can be delays and confusion in the application process.
  • There have also been instances in which the authorities have refused to accept applications to transfer data to foreign courts or law enforcement authorities, leaving the applicants in a difficult position of deciding whether to transfer data in apparent violation of the broad requirement and facing potentially serious consequences under Chinese law.

This case is a telling example of how companies can find themselves caught in the middle of potentially conflicting regimes. It also shows that Chinese laws restricting data transfers are not per se a defence to an EU regulator’s request for documents, as it is not sufficient to simply assert the existence of these transfer restrictions, without explaining and demonstrating how they prevent companies from complying with the regulator’s request.

Companies need to strike a balance between an EU regulator’s request and the Chinese data laws based on the specifics of their cases. Based on our recent experience, some possible risk management measures include:

  • Assess the need for cross-border data transfer at the outset of the EU proceedings, understand the applicable rules in light of the evolving and potentially conflicting legal regimes, and plan ahead;
  • Try to limit the scope of production in the EU proceedings by relying as much as possible on defences other than Chinese law. In other international cases, courts were open to the proposition that a distinction must be made between documents within the possession, custody or control of the company subject to the proceedings, and those of the parent company or other members of the same group. It remains unclear, however, whether this argument would stand up before an EU court. The General Court focused its reasoning on access to the requested information and did not address the issue of possession, custody or control;
  • Seek alternative solutions to satisfy the regulator’s request, such as relying on documents stored or already transferred outside of China;
  • If data stored in China must be produced, allow sufficient time to seek approval from the Chinese authorities, and keep adequate records of the steps taken; and
  • If it is indeed impossible to produce key evidence due to restrictions on cross-border data transfers, companies should seek to minimize the potential adverse impact by demonstrating their efforts to comply with applicable Chinese law and by exploring alternatives.

IV. Conclusion

All in all, the EU judiciary places an extremely high burden on companies seeking to defend themselves against investigations. This must also be viewed in the context of recent regulatory developments in China, in particular China’s new data transfer laws, which have alreadyadded complexity to China-related investigations. Companies need to be aware of the increasing risk of conflicting regimes and proactively manage the process of obtaining the necessary approvals before transferring data across borders or exploring alternative ways to comply with requests by regulators. If companies do not see viable options for complying with a Commission request, they must be prepared to explain in great detail the reasons for their refusal.

Strategic risk spotlight on EU-China investigations: How to reconcile EU investigations with Chinese law in light of recent EU General Court order (2024)
Top Articles
Brooke Monk Knows How To Go (& Stay) Viral
10 Things You Didn’t Know about TikTok’s Brooke Monk
Funny Roblox Id Codes 2023
Golden Abyss - Chapter 5 - Lunar_Angel
Www.paystubportal.com/7-11 Login
Joi Databas
DPhil Research - List of thesis titles
Shs Games 1V1 Lol
Evil Dead Rise Showtimes Near Massena Movieplex
Steamy Afternoon With Handsome Fernando
Which aspects are important in sales |#1 Prospection
Detroit Lions 50 50
18443168434
Newgate Honda
Zürich Stadion Letzigrund detailed interactive seating plan with seat & row numbers | Sitzplan Saalplan with Sitzplatz & Reihen Nummerierung
Grace Caroline Deepfake
978-0137606801
Nwi Arrests Lake County
Justified Official Series Trailer
London Ups Store
Committees Of Correspondence | Encyclopedia.com
Pizza Hut In Dinuba
Jinx Chapter 24: Release Date, Spoilers & Where To Read - OtakuKart
How Much You Should Be Tipping For Beauty Services - American Beauty Institute
Free Online Games on CrazyGames | Play Now!
Sizewise Stat Login
VERHUURD: Barentszstraat 12 in 'S-Gravenhage 2518 XG: Woonhuis.
Jet Ski Rental Conneaut Lake Pa
Unforeseen Drama: The Tower of Terror’s Mysterious Closure at Walt Disney World
Ups Print Store Near Me
C&T Wok Menu - Morrisville, NC Restaurant
How Taraswrld Leaks Exposed the Dark Side of TikTok Fame
University Of Michigan Paging System
Dashboard Unt
Access a Shared Resource | Computing for Arts + Sciences
Speechwire Login
Healthy Kaiserpermanente Org Sign On
Restored Republic
3473372961
Craigslist Gigs Norfolk
Moxfield Deck Builder
Senior Houses For Sale Near Me
Whitehall Preparatory And Fitness Academy Calendar
Trivago Myrtle Beach Hotels
Anya Banerjee Feet
Birmingham City Schools Clever Login
Thotsbook Com
Funkin' on the Heights
Vci Classified Paducah
Www Pig11 Net
Ty Glass Sentenced
Latest Posts
New Orleans Pelicans: Breaking News, Rumors & Highlights | Yardbarker
The Stunning Transformation Of TikToker Brooke Monk - Nicki Swift
Article information

Author: Dr. Pierre Goyette

Last Updated:

Views: 6362

Rating: 5 / 5 (70 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Dr. Pierre Goyette

Birthday: 1998-01-29

Address: Apt. 611 3357 Yong Plain, West Audra, IL 70053

Phone: +5819954278378

Job: Construction Director

Hobby: Embroidery, Creative writing, Shopping, Driving, Stand-up comedy, Coffee roasting, Scrapbooking

Introduction: My name is Dr. Pierre Goyette, I am a enchanting, powerful, jolly, rich, graceful, colorful, zany person who loves writing and wants to share my knowledge and understanding with you.