In our response, we voiced our support for the European Commission’s efforts to find practical and workable solutions to improve cooperation with service providers within the existing framework. We expressed our belief that the creation of an online tool containing all the applicable national laws as well as a description of who has authority to submit requests would provide tangible improvements and contribute to a common understanding for all relevant stakeholders. Moreover, we stressed that any potential solutions should in no way lead to a requirement for a service provider to reverse engineer, provide back doors or any other technology mandates to weaken the security of its service.
As the European Commission continues its work, we sought to highlight and encourage future activity on the following areas:
- Finding practical solutions to lawful access to data – When considering the establishment of an online platform to provide comprehensive guidelines, we encourage the European Commission to also consider using this platform to collect all the relevant national legal requirements, such as the criminal codes, corresponding procedural and other requirements as well as their English translations. This would facilitate a common understanding of these rules among service providers and facilitate dialogues with national authorities.
- Identifying a common jurisdictional basis among EU Member States - Given the nature of e-Evidence, which transcends traditional notions of territorial jurisdiction, identifying a common jurisdictional basis among Member States will be critical to finding a workable solution to conflict of law issues.
- Respecting fundamental rights - The jurisprudence from the ECHR and the CJEU should be taken into account for any solutions including the principle that access of the competent national authorities to data should only be allowed where the objective pursued by that access, in the context of fighting crime, is subject to prior review by a Court or an independent administrative authority.
- According the same protections to users of cloud technology services including the right to be notified when their data is being used – The lack of clarity as to whether an individual or a user can contest a government’s access demand in the same way as for their information committed to paper must be addressed. Any solution must also address the issue of user notification whereby unless service providers are bound by a Court Order not to disclose a data request due to the fact that it would jeopardise an investigation, users should be notified.
You can find DIGITALEUROPE’s position paper here
For more information please contact: