With human activity becoming more and more dependent on digital technologies, criminal investigations increasingly depend on digital evidence. Yet the gathering of this type of evidence is far from straightforward. Besides technological challenges, one of the major obstacles that law enforcement authorities encounter is the fact that the data they need is often stored abroad or by a foreign service provider. At the international level, this results in the need to resort to mutual legal assistance and, at the EU level, to the European Investigation Order. Even the length of the procedure when resorting to the EIO is far too slow, because relevant data can be lost in the meantime. This article discusses the initiative of the European Commission to establish a European legal framework regarding direct requests for electronic evidence sent by law enforcement authorities in the EU to service providers in another EU Member State (the "e-evidence initiative"). ... Read more

This article seeks to demystify the recently enacted Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in March 2018 by the U.S. government in an effort to address challenges faced by law enforcement in accessing data located across borders. It explains the two parts of the act, dealing with: (i) U.S. access to data located outside the United States; and (ii) foreign government access to data held by U.S. companies within the United States. As the article highlights, the CLOUD Act offers a model for both responding to law enforcement needs and setting – and raising – baseline privacy protections. In that regard, it is a step in the right direction, although there is much more work to be done.

In September 2018, the European Commission presented a draft Regulation on preventing the dissemination of terrorist content online. The proposal builds on EU-level initiatives to foster the voluntary cooperation of service providers in stopping the dissemination of terrorist content online, and it echoes ongoing national developments which go a step further in imposing obligations – underpinned by considerable fines – on service providers. This article describes the main features of the proposal and highlights some of the policy challenges, legal questions, and technological concerns it is likely to face on the road to adoption.

Although the significance of electronic evidence for criminal investigations of any type of criminal offence has been steadily growing for years, respective legal frameworks in all EU Member States are only fragmented – if they exist at all. There is an urgent need for comprehensive legislation that takes into account the various grades of data sensitivity. For various reasons, the common distinction between subscriber data, traffic data, and content data is not suitable for this purpose. Instead, a new classification is necessary.
The article analyzes the relevant backgrounds and provides an overview of the current issues. More importantly, it proposes a new classification with five categories of electronic data. The key criterion for determining the sensitivity of a dataset − the data subject’s reasonable expectation of confidentiality – allows a distinction as follows: (1) data of core significance for private life, (2) secret data, (3) shared confidential data, (4) data of ... Read more

Some EU Member States have already adopted broad-ranging whistleblowing legislation because of financial or public health scandals. In this context, the European Parliament suggested a draft directive to protect whistleblowers by offering a “horizontal” approach covering all public and private sectors. In 2018, the European Commission, by contrast, proposed widening the existing EU sectoral approach and including the protection of the financial interests of the European Union in a directive “on the protection of persons reporting on breaches of Union law.” The author argues that this broader sectoral approach − while making a step forward − still raises a number of issues.