The EU and the US may have their digital differences, but that’s not standing in the way of the EU falling into lockstep with some US policies as they relate to companies the sharing of crime data. The EU aims to help US law enforcement agencies access suspects’ emails, text messages, photos and other data. The hope here is that in the process privacy rights aren’t trampled and innocent citizens' data scooped up in the potential trove of data, as has often been the outcome before when governments started snooping.
With the proposed EU initiative, the European Commission is poised to punish technology companies that do not hand over so-called "e" evidence that is needed for criminal investigations, regardless of where companies are located or user data is stored. And it will streamline the tedious process of Mutual Legal Assistance Treaties (MLATs) and allow the government agencies to deal directly with the foreign companies in question, rather than go through the layers of government bureaucracy.
With a nod to the US, which passed a similar law recently, in taking this step the EU says the imminent law is needed to speed up terror investigations. The recently passed US Cloud Act clarifies the law so that US judges can issue warrants for data held abroad, while giving companies an avenue to object if the request conflicts with foreign law. In the case of the EU, and similar to the US legislation, prosecutors and police need permission from a judge to approve their request for electronic evidence when it comes to sensitive data - such as the actual content of messages, emails, pictures, and videos.
Consequentially, in the EU, tech-titans such as Google, Microsoft and Facebook will be compelled to submit users’ data to European law enforcement officials, even when it is stored on servers outside the Union. The law is sweeping as it covers data such as emails, text messages, and pictures stored online outside the EU's borders. And the tech companies must comply within 10 days or, if it is deemed an emergency, in as little as six hours.
The EU authorities contend this step is necessary, as the current process for retrieving data is too cumbersome and time-consuming. In some instances, as it stands now, a law enforcement request for data can take 10 months. This is untenable, says Vera Jourova, the EU’s justice commissioner, in urging the procedures to be brought up to date.
“We need to equip law enforcement authorities with 21st century methods to tackle crime, just as criminals use 21st century methods to commit crime.”
Her opinion was echoed by Frans Timmermans, EU Commission Vice-President who said:
“We cannot allow criminals and terrorists to exploit modern and electronic communications technologies to hide their criminal actions and evade justice.”
That data is stored in the nebulous cloud is a problem that the new law will address and obviate, he hopes. It is not without pitfalls or perils, however, despite conforming more to US digital policy as represented by the US Cloud Act. And each block is careful about cross-border data transfers. In the US, for example, certain companies are not allowed to disclose information to foreign governments. Likewise, on the continent, users’ digital privacy is rigorously protected, and companies are restricted in how they can transfer data outside the EU.
In the end, the EU hopes to commence a dialogue with the United States, with a view to helping law enforcement agencies to seize evidence held on each other’s territories. It should be noted, and might be a reason as well as a catalyst for the EU’s initiative, that more than half of all criminal investigations now include a cross-border request to obtain electronic evidence held in another country in or outside the EU. Only time will tell whether this apparently reasonable initiative will have a negative effect on the average law-abiding citizens of the EU.
Image credit: By fredex/Shutterstock.