THE BOTTOM LINE
- Cross-Border Risk: Companies in multi-jurisdictional investigations face a real risk that their privileged legal communications, even when identified, can be accidentally shared with foreign authorities due to technical failures.
- Technical Safeguards are Fallible: The common practice of “graying out” (making inaccessible) privileged files in digital investigation platforms is not foolproof. This case shows that simply exporting data can undo these protections, exposing sensitive legal advice.
- Proactive Challenges Work: This ruling demonstrates that companies and their counsel can successfully challenge inadequate data handling procedures, forcing prosecutors to adopt stricter protocols and re-filter entire datasets to protect attorney-client privilege.
THE DETAILS
This decision stems from a major Dutch criminal investigation, codenamed “Greenhill,” into alleged “dividend stripping” tax fraud. During the probe, the Dutch Fiscal Information and Investigation Service (FIOD) seized vast amounts of digital data. Recognizing the presence of legally privileged documents, the data was handed to an Investigating Judge to filter out communications between the suspect and their lawyers. The chosen method was to “gray out” the privileged files, making them inaccessible within the investigation software without deleting them from the original forensic copy. However, the process failed spectacularly when the suspect’s lawyers discovered that not only was the initial filtering incomplete, but a copy of the entire dataset—including the supposedly protected privileged files—had been shared with German and Finnish authorities as part of a Joint Investigation Team, with the safeguards reversed during the export.
The Amsterdam District Court delivered a sharp rebuke to the prosecution’s handling of the data. While it denied the lawyers’ request to permanently delete the privileged files, citing the need to maintain the forensic integrity of the seized data, it found the core of their complaint valid. The court ruled that the safeguards surrounding the “graying out” method were critically insufficient. The fact that investigators could inadvertently undo the protection simply by exporting the files to a USB drive proved that the process lacked the robustness required to protect the fundamental principle of legal professional privilege. The court also highlighted the absence of a formal, detailed report explaining how the system guarantees inaccessibility, a key requirement previously established by the Dutch Supreme Court for such technical workarounds.
As a result, the court has ordered significant corrective actions that will impact how digital evidence is handled in complex corporate investigations. It mandated a complete and thorough re-filtering of the entire dataset to properly identify and segregate all privileged material. Crucially, the prosecution must now produce a detailed technical report outlining exactly how it will guarantee that “grayed out” data remains inaccessible to investigators, especially during data transfers to other parties or systems. Finally, the court ordered the release of system access logs, allowing for an audit of who may have viewed the privileged information. The decision is a clear signal that while modern investigative tools are powerful, they must be governed by strict, transparent, and verifiable protocols to uphold the confidentiality of legal advice.
SOURCE
Source: Rechtbank Amsterdam (District Court of Amsterdam)
