e‐Evidence Cooperation in Criminal Matters from an EU Perspective
Published date | 01 July 2022 |
Author | Marcin Rojszczak |
Date | 01 July 2022 |
DOI | http://doi.org/10.1111/1468-2230.12749 |
bs_bs_banner
Modern Law Review
DOI:10.1111/1468-2230.12749
LEGISLATION
e-Evidence Cooperation in Criminal Matters from an
EU Perspective
Marcin Rojszczak∗
For several years there has been debate among EU Member States on the need to regulate
cross-border access to electronic data used as evidence in criminal proceedings and how best
to do this. The existing model of cooperation, based mainly on bilateral agreements, appears
dysfunctional and is perceived by manyas a bar rier to eectively combatting rising cross-border
crime. In response, work has begun on several new legal mechanisms, most importantly the
draft e-Evidence Regulation from the European Commission and a proposal to extend the
Convention on Cybercrime – already in operation for almost 20 years – with an additional new
protocol.At the same time, the United States has proposed its ownmodel of cooperation, arising
from the CLOUD Act. This article discusses the current state of play and the expected shape
of future regulations – in terms of both facilitating law enforcement cooperation and clarifying
obligations imposed on digital service providers.
INTRODUCTION
The problem of providing electronic evidence to law enforcement authorities
is often seen as relating mainly to the ght against computer crime. Although
no universal and generally accepted denition of cybercrime has yet been de-
veloped, this category in most cases includes acts committed with the use of
information systems, which target the security of computer systems or data.1
Thus, cybercrime can, strictly speaking, be dened as a new category of crim-
inal oence, being a natural consequence of the spread of modern forms of
information processing.2
∗Assistant Professor,Faculty of Administration and Social Sciences, Warsaw University of Technology,
Poland.
1 For dierent perspectives on how to dene cybercrime see: ‘Comprehensive Study on Cyber-
crime’ United Nations Oce on Drugs and Crime (2013) at https://cli.re/XeD5rj (last visited 4
August 2021);B.K. Payne,‘Dening Cybercrime’in T.J.Holt and A.M. Bossler (eds),The Palgrave
Handbook of International Cybercrime and Cyberdeviance (Cham: Springer International Publishing,
2020).
2 In this understanding, cybercrime in the narrow sense (computer-related crime) encompasses
any illegal conduct directed through electronic operations that targets the security of computer
systems and the data they process.Cybercr ime in a broader sense (computer-related crime), on
© 2022 The Author.The Modern Law Review © 2022 The Modern Law Review Limited. (2022) 85(4) MLR 997–1028
e-Evidence Cooperation in Criminal Matters from an EU Perspective
Information systems contain evidence that helps to identify the perpetra-
tors of other types of crime. Furthermore, perpetrators of almost all types of
oences nowadays leave a digital trail, the preservation of which is of key im-
portance to criminal investigations. In some cases, digital evidence is not only
complementary but the basic source of evidence, without which it is impos-
sible not only to identify the perpetrator but also to reconstruct a chain of
events. Suce to say, the prosecution of certain types of serious crime, such
as money laundering, is de facto based on evidence extracted from electronic
nancial systems. According to a European Commission analysis,electronic ev-
idence is required in around 85 per cent of ongoing criminal proceedings – and
in two-thirds of cases it is in the possession of service providers based in another
jurisdiction.3
Currently, access to electronic evidence is one of the key problems in the
development of cross-border law enforcement cooperation between EU coun-
tries. This should not come as a surpr ise,especially consider ing the impor tance
of eectively ghting cybercrime to the success of the Digital Single Market
– one of the European Union’s top strategic priorities.4It should be borne
in mind, however, that it was only with the introduction of the Lisbon re-
form and the elimination of the three pillars of integration that the compe-
tence of the Union in harmonising criminal law signicantly increased.5As
a result, numerous acts of secondary law were passed in subsequent years, ap-
proximating national criminal law provisions concerning various types of seri-
ous crime,6including cybercrime.7The regulations introduced also contained
general rules on the collection and transfer of evidence. However, these pro-
visions were piecemeal and usually concerned a specic area of cooperation,
relating to the detection and punishment of particular types of crime. The lack
of a comprehensive mechanism dedicated to investigative cooperation was par-
tially solved by the introduction of the European Investigation Order (EIO).8
In practice,however,this measure,although it can also be used to transfer dig ital
the other hand, covers illegal conduct committed through, or in connection with, a computer
system or network, including oences such as the illegal possession, oer ing or dissemination of
information through a computer system or network.
3 European Commission, Impact assessment – e-Evidence – the appointment of legal representa-
tives for the purpose of gathering evidence in criminal proceedings SWD (2018) 118 nal, 33 at
https://cli.re/yr2Yo5 (last visited 4 August 2021) (Impact assessment).It should be noted, however,
that the data presented have been criticised as unreliable – see for example S.Vazquez Maymir,
‘Anchoring the Need to Revise Cross-Border Access to e-Evidence’ (2020) Internet Policy Re-
view at https://policyreview.info/articles/analysis/anchoring-need- revise-cross-border-access-
e-evidence (last visited 9 March 2021).
4 Council of the European Union, The ght against cybercrime was one of the priorities of the EU
Policy Cycle set by the Council for the period 2018-2021: Council conclusions on setting the EU’s
priorities for the ght against organised and serious international crime between 2018 and 2021 8654/17
at https://cli.re/Pvb824 (last visited 4 August 2021).
5 V.Mitsilegas, EU Cr iminal Law after Lisbon:Rights, Trust and the Transformation of Justice in Europe
(Oxford: Hart Publishing, 2018).
6 Which follows from the competence conferred on the Union by TFEU, Art 83(1).
7 Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on
attacks against information systems and replacing Council Framework Decision 2005/222/JHA
[2013] OJ L218/8.
8 Directive2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding
the European Investigation Order in criminal matters [2014] OJ L130/1.
998 © 2022 The Author.The Modern Law Review © 2022 The Modern Law Review Limited.
(2022) 85(4) MLR 997–1028
Marcin Rojszczak
evidence, was developed mainly with a view to the cross-border implementa-
tion of investigative measures.9
This lack of a more exible mechanism to secure and transfer digital data be-
tween Member States was the reason why the Commission took the legislative
initiative and in 2018 presented the so-called e-Evidence Package.10 Consist-
ing of two pieces of legislation, the Commission’s proposal became the subject
of further work among EU institutions. While the Council developed its own
negotiating position relatively quickly,11 it was not until the end of 2020 that
the Parliament adopted the agreed draft12 – thus making it possible to start a
trialogue in early 2021, the nal stage of the EU legislative procedure.13
However,the e-Evidence Package is not the only European initiative aimed
at developing a new legal mechanism for cross-border transmission of digital
evidence for the purpose of ongoing criminal proceedings. The Cybercrime
Convention Committee, an advisory body established under the Convention
on Cybercrime (Budapest Convention), is also currently conducting its own
work.14 The aim is to develop a new additional protocol supplementing the
text of the Convention and to create a framework for cooperation with re-
gard to electronic evidence.Created under the auspices of the Council of Eu-
rope, the Budapest Convention is so far the only legally binding international
agreement established in the eld of combatting cybercrime. The provisions of
the Convention not only set out general strategic objectives but actually con-
tribute to the approximation of national criminal laws by introducing a com-
mon catalogue of criminal acts.15 Clearly, supplementing the Convention with
an additional protocol on the transmission of electronic evidence may provide
new impetus in strengthening law enforcement cooperation in the ght against
cross-border crime.
The United States has also put forward its own initiative in this area. While
European proposals are, in principle,based on multilateral solutions, the main el-
ement of the American proposal, arising from the federal CLOUD Act,16 is the
conclusion of bilateral agreements. These agreements provide the basis for the
9 See recital 8 of Directive 2014/41.
10 Á.Tinoco-Pastrana, ‘The Proposal on Electronic Evidence in the European Union’(2020) Eu-
crim 46.
11 ‘Regulation of the EuropeanParliament and of the Council on European production and preser-
vation orders for electronic evidence in criminal matters – general approach’ Council of the
European Union,11 June 2019 10206/19 at https://cli.re/pZbjoQ (last visited 4 August 2021).
12 See ‘Report on the proposal by the European Parliament and Council on European Produc-
tion and Preservation Orders for a regulation on electronic evidence in criminal matters’ A9-
0256/2020 at https://cli.re/vzK1My (last visited 4 August 2021) (EP draft e-Evidence Regu-
lation).
13 T.Wahl,‘New E-Evidence Legislation: Trilogue Started – Criticism on EP Stance’(2021) Eucr im
38.
14 Convention on Cybercrime of the Council of Europe opened for signature on 23 November
2001 in Budapest, CETS No 185.
15 J.Clough, ‘The Council of Europe Convention on Cybercr ime: Dening “Crime” in a Digital
World’(2012) 23 Cr iminal Law Forum 363.
16 Clarifying the Lawful Use of Overseas Data Act of 2018, Pub. L. No. 115-141, 132 Stat. 348
(codied as amended in separate sections of 18 U.S.C.)available online at https://cli.re/BwPk5Q
(last visited 4 August 2021).
© 2022 The Author.The Modern Law Review © 2022 The Modern Law Review Limited.
(2022) 85(4) MLR 997–1028 999
To continue reading
Request your trial