02 March 2018
Cross-border law enforcement data access: Commission to present proposal, Council LIMITE document outlines ongoing issues
Follow us: | | Tweet
The Commission's forthcoming proposal: Europe seeks power to seize overseas data in challenge to tech giants (Reuters, link):
"The European Union is preparing legislation to force companies to turn over customers personal data when requested even if it is stored on servers outside the bloc, a position that will put Europe at loggerheads with tech giants and privacy campaigners.
The EU executive has previously indicated it wanted law enforcement authorities to be able to access electronic evidence stored within the 28-nation bloc. But the scope of the planned legislation will extend to data held elsewhere, according to two sources with direct knowledge of the matter."
The option of legislation that would extend beyond the EU's borders was raised by the Commission in its "inception impact assessment" published in August 2017 and the issue of "e-evidence" has been on the agenda of EU and USA Senior Justice and Home Affairs Officials meetings for some time.
See: European Commission: Inception impact assessment: Improving cross-border access to electronic evidence in criminal matters (Ares(2017)3896097, pdf)
The Council is also discussing the issue: NOTE from: Presidency to: Permanent Representatives Committee/Council: Improving cross-border access to e-evidence (6339/18, 26 February 2018, LIMITE, pdf):
"Commission is invited to update delegations on the current state of play of this file, taking into account the issues as described above, and to outline the next steps together, if possible, with their respective timeline;
delegations are invited to exchange views on the subject of cross-border access to e-evidence, in particular on the international developments and their approach to them, and other elements they wish to bring forward such as national developments, regulatory or other, emerging needs or new challenges stemming from on-going investigations and criminal proceedings, and their ideas for the way ahead."
The Reuters article notes that:
"The EU push comes as a landmark legal battle in the United States nears its climax. The U.S. Supreme Court will this week hear oral arguments in a case pitting Microsoft against U.S. prosecutors, who are trying to force the company to turn over emails stored on its servers in Ireland in connection with a drug-trafficking investigation."
The European Commission has mdae a submission to the Supreme Court: Brief of the European Commission on behalf of the European Union as amicus curiae in support of neither party (pdf), alongside a host of other organisations and institutions(Supreme Court, link).
The topic is also raised in the Presidency's note, which highlights that:
"7. However, this case could become moot, if a new bill introduced in Congress on 6 February (the Clarifying Lawful Overseas Use of Data (CLOUD) Act) were to become law. The bill has industry support , as well as of the US Department of Justice, but is criticised by certain privacy NGOs . The CLOUD Act would amend the Stored Communications Act of 1986, by stipulating that US service providers are obliged to comply with US orders to disclose content data regardless of where such data is stored. In addition, it sets the requirements under which the US Administration may conclude executive agreements, which would allow US service providers to deliver content data to a partner foreign government (as well as intercept wire communications), without the need for an MLA request . In addition, through a "comity clause", the CLOUD Act enables service providers to request a US court to quash or modify an order issued for data stored overseas if the data relates to a non-US person and if complying with the warrant would cause them to violate the laws of a partner country with whom the US has entered into an executive agreement that provides similar possibilities to service providers under their laws (i.e. to invoke a conflict of laws and to notify their government of the order). The court could quash the order if, by assessing the interests at stake, it would consider that this would be in the interest of justice.
8. This topic is likely to be raised further on during the discussions at the EU-US Ministerial Meeting, scheduled for 22-23 May in Sofia." [emphasis added]
Cross-border access to data has to respect human rights principles (EDRi, 20 September 2017, link)
Commission services, Technical document: Measures to improve cross-border access to electronic evidence for criminal investigations following the adoption of the Council Conclusions on Improving Criminal Justice in Cyberspace (Council document 9554/17, 22 May 2017, pdf)
NOTE from: Presidency to: CATS: Criminal justice in cyberspace - improving collaboration and coordination (6890/17, 6 March 2017, LIMITE, pdf)
Commission services, Non-paper: Progress Report following the Conclusions of the Council of the European Union on Improving Criminal Justice in Cyberspace (Council document 15072/16, 2 December 2016, pdf)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.