Brussels, 28 June 2022
-
Notifications sent to member states where service provider is located
-
Possibility to refuse an order when there are fundamental rights concerns
-
Data protection rules must be respected and data controllers notified
On Tuesday, EP and Council negotiators reached a political agreement on core elements of a package on requesting electronic data for criminal investigations from elsewhere in the EU.
After negotiations on June 28, a political agreement was reached on core elements of the legislative package on collecting and preserving electronic evidence (“e-evidence”) across member state borders in the EU. The new legislation would allow national authorities to request evidence directly from service providers in other member states, or ask that data be preserved for future use. The new rules would also mandate companies to appoint EU legal representatives to deal with electronic evidence requests in a centralised way.
Fundamental rights in focus
In the negotiations, Parliament sought to ensure that criminal investigations become more efficient, while fundamental rights and EU data protection rules are respected. Parliament secured a requirement to notify the authorities in the member state where the service provider is located, for traffic and content data, except for situations where the suspect resides in the issuing member state and the crime is committed there. Orders can be refused on certain grounds, notably when there are concerns about fundamental rights. In addition, the protection of media freedom and journalists was one of the main priorities of the Parliament.
Co-legislators also agreed on the rules on the reimbursement of costs and sanctions that could be imposed to the service providers in case on non-compliance. Finally, it was agreed that orders would be communicated through a specific, secure IT system.
Quote
Rapporteur Birgit Sippel (S&D, DE) said: “As everyday life moves online, criminal activity also takes place more online, meaning that electronic evidence is increasingly important. But, accessing this evidence across borders can be a lengthy and cumbersome process, and data is too often deleted in the process. Today’s provisional agreement on the main elements of the package means that national authorities can make a direct request to service providers in other Member States to hand over or secure electronic evidence. As a long-standing advocate for the protection of personal data, I fought hard to secure safeguards that mean investigating authorities have to inform the target country’s authorities where the most sensitive data, traffic and content data, are concerned and give them an opportunity to refuse an order in specific circumstances, in particular where fundamental rights are at stake, while the service provider has to preserve the data. Parliament also made it clear that service provider will have the right to raise concerns to both the issuing and the enforcing State, for example, where the right to freedom of expression is at stake.”
Next steps
The negotiating teams will still have to agree on outstanding aspects of the package, which consists of a regulation and a directive. Then, the European Parliament and the Council of the EU will have to formally adopt them.
Further information
Source – EU Parliament
EU-Abgeordnete Düpont (CDU) zu Trilog-Einigung für elektronische Beweismittel
28. Juni 2022
Vertreter von Europaparlament, Rat und EU-Kommission haben sich auf Schlüsselelemente zur grenzüberschreitenden Sammlung und Aufbewahrung elektronischer Beweismittel geeinigt. Hierzu erklärt Lena Düpont (CDU), innenpolitische Sprecherin der CDU/CSU-Gruppe:
„Dies ist ein historischer Tag für die Verbrechensbekämpfung in der EU. Mit diesem neuen Abkommen über elektronische Beweismittel werden die Justizbehörden in den verschiedenen Mitgliedstaaten über mehr Instrumente zur Bekämpfung von Kriminalität und Terrorismus verfügen. Gleichzeitig wird unseren Datenschutzgrundsätzen Rechnung getragen.
Die zunehmende Online-Kriminalität hat gezeigt, dass wir dringend neue Regeln für den grenzüberschreitenden Austausch elektronischer Beweismittel brauchen. Nur wenn der Zugang zu digitalen Beweisen in der gesamten EU unbürokratisch gewährleistet ist, können wir internationalen Sicherheitsbedrohungen wirksam begegnen.
Wir müssen unsere Strafverfolgungsbehörden mit schlagkräftige Instrumenten ausstatten, um neuartigen Bedrohungen unserer Sicherheit wirksam zu begegnen. Der rechtsichere Zugriff auf Beweise in der elektronischen Kommunikation dafür unabdingbar. In einer zunehmend vernetzten Welt fallen Diensteanbieter und Ermittlungsbehörden nur noch selten in dieselbe nationale Zuständigkeit. Die heutige Einigung ist ein großer Schritt nach vorn für die polizeiliche und justizielle Zusammenarbeit in der EU. Jetzt müssen wir auf diesem Schwung aufbauen, um die noch ausstehenden Details rasch zu klären und das Instrument so bald wie möglich in Kraft zu setzen.“
Quelle – CDU/CSU
S&D Group: E-evidence will bring a major paradigm shift in police, justice and service provider cooperation in the EU
28 June 2022
In order to improve the access of investigating authorities to electronic evidence, the Commission presented EU rules on cross-border issuing and securing of electronic evidence in 2018. After a year and a half of intense negotiations, on Tuesday the EU Parliament and Council have found a political agreement on the core elements of the framework for collecting and securing the so-called e-evidence.
In the coming weeks, EU negotiators will agree on the final technical points of the legislative package before the final texts for the regulation and the associated directive can be adopted by the Parliament and the Council later in the year.
Birgit Sippel, S&D home affairs spokesperson and Parliament’s negotiator:
“As everyday life moves online, criminal activity also takes place more online. E-evidence plays an increasingly important role in investigations and criminal proceedings. With evidence often stored in service providers like social networks that are based in other Member States, access to evidence can be a lengthy and cumbersome process and data is too often deleted in the process.
The provisional agreement reached today represents a major paradigm shift in police and judicial cooperation with service providers in the EU: for the first time, national investigating authorities may make a direct request to service providers in other Member States to hand over or secure electronic evidence, through surrender orders with clear deadlines and uniform rules across the EU. Despite improving the efficiency of cross-border criminal investigations, direct cooperation between the authorities of one EU country and the service provider of another also poses a number of risks related to fundamental rights, in particular privacy and data protection, but also to procedural rights due to the differences in criminal law across the EU.
As a long-standing advocate for the notification of orders, above all when personal data is at risk, I fought hard to secure safeguards so that investigating authorities have to inform the authorities of the other Member State and give them an opportunity to refuse an order in specific circumstances, in particular where fundamental rights are at stake. Parliament’s insistent position throughout the negotiations will mean that more efficient criminal investigations and the protection of fundamental rights will go hand in hand and that personal data is safely only transmitted for specific purposes in criminal investigations.”
Note to editors
As part of the negotiations on e-evidence rule, Parliament achieved the following important safeguards:
As part of the new rules, in surrender orders for content data and traffic data, where such data is not requested solely for the identification of a person, the Member State in which the service provider is located will be informed at the same time as the service provider is addressed (through so-called “notification”) unless the accused person of the crime has its permanent residence in the issuing State and the crime was or is likely to have been committed exclusively in the issuing State. The notified authority may then refuse the order within 10 days, or 8 hours in case of emergency, based on a list of reasons. The service provider must secure the data during this period, but would not be able to release it until the deadlines have expired and there is no refusal.
If the crime under investigation is not a crime in the service provider’s country, this would be included in the list of possible grounds for refusal. Similarly, if handing over the data would constitute a violation of the fundamental rights enshrined in the Charter and the EU Treaties, this would also be grounds for refusal. As violations of fundamental rights are more likely by authorities under an ongoing rule of law procedure, such as Poland and Hungary and the so-called Article 7 procedure, special provisions underline that in these cases a surrender order can be refused on the basis of an assumed violation of fundamental rights.
Under the provisional rules, service providers can also bring surrender orders not only to the attention of the issuing authority, but also to the authorities of the country in which they are located, for example if they restrict media freedom.
With Parliament’s pressure, the package has been brought into line with existing EU data protection law. For example, orders have to be sent to data controllers, in principle, and can only be addressed to data processors under certain conditions. Especially when it comes to sensitive data like health records, this is crucial.
Finally, the co-legislators generally agreed on the framework for an EU-wide platform through which the orders to the service providers, but also the data sent to the authorities, will be transmitted. Such an EU platform is the only way service providers can be sure that an order is genuine and not falsified, and to guarantee confidential data is safely and securely shared with investigating authorities.
Source – S&D Group – via e-mail