18 April 2018
Commission's "e-evidence" proposals: "maximising risks for fundamental rights violations"
Follow us: | | Tweet
See: EU e-evidence proposals turn service providers into judicial authorities (EDRi, link):
"Today, 17 April, the European Commission unveiled two proposals: a Regulation on cross-border access to and preservation of electronic data held by service providers and a Directive to require service providers to appoint a legal representative within the EU.
The core of the Commissions e-evidence initiative is that national judicial or administrative bodies can ask a service provider, such as Facebook, based in another EU Member State, to produce and to preserve data for the investigation or prosecution of a crime. Currently, national judicial authorities receive and authorise foreign requests, in order to ensure that fundamental rights are protected. The European Union very recently adopted the European Investigation Order to improve the efficiency and speed of cross-border criminal investigations within the EU. Member States had until 22 May 2017 to implement it. Before any proper assessment of this measure has been possible, the EU now seems to be rushing into making these new proposals, following in the steps of the United States."
The organisation highlights that (emphasis added):
"if adopted, this Regulation would be putting companies at the same level as a court or a state. In fact, companies would be exempted from liability if they hand over data in response to an illegal or incorrect order. This means that if there is an invalid order which the company complies with (due to fear of sanctions for non-compliance), and if an exception to user-notification is used to keep this order secret, it will be very difficult for the user to defend her/his rights."
Alongside this concerns it may also be observed that the proposals have a very broad scope. According to Article 5 of the proposal for a Regulation on European Production and Preservation Orders:
"3. European Production Orders to produce subscriber data or access data may be issued for all criminal offences.
4. European Production Orders to produce transactional data or content data may only be issued
(a) for criminal offences punishable in the issuing State by a custodial sentence of a maximum of at least 3 years, or
(b) for the following offences, if they are wholly or partly committed by means of an information system:
offences as defined in Articles 3, 4 and 5 of the Council Framework Decision 2001/413/JHA [on combating fraud and counterfeiting of non-cash means of payment];
offences as defined in Articles 3 to 7 of Directive 2011/93/EU of the European Parliament and of the Council [on combating the sexual abuse and sexual exploitation of children and child pornography];
offences as defined in Articles 3 to 8 of Directive 2013/40/EU [on attacks against information systems], of the European Parliament and of the Council;
(c) for criminal offences as defined in Article 3 to 12 and 14 of Directive (EU) 2017/541 [on combating terrorism]"
The Commission's press release (pdf) states that:
"The Commission is proposing new rules to make it easier and faster for police and judicial authorities to obtain the electronic evidence, such as e-mails or documents located on the cloud, they need to investigate, prosecute and convict criminals and terrorists.
The new rules will allow law enforcement in EU Member States to better track down leads online and across borders, while providing sufficient safeguards for the rights and freedoms of all concerned."
See also: Position papers to the 2017 public consultation on improving cross border access to electronic evidence in criminal matters (European Commission, link). A summary of other submissions to the public consultation is contained in the impact assessment.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.