In view of the negotiations on a Second Additional Protocol to the CoE Cybercrime Convention (Budapest Convention), which will include a framework for law enforcement authorities to directly receive data from service providers, the European Data Protection Board addressed a letter to the responsible CoE committee calling for the integration of strong data protection safeguards. The EDPB points out that the contents of the additional protocol deal with sensitive issues of data protection; it will involve the collection of personal data, including not only subscriber but also traffic data, on the basis of orders from another jurisdiction. The new legal framework must be consistent with the CoE data protection convention (CETS no. 108) and should also be compliant with the EU’s primary and secondary law. The EDPB also called on the CoE committee to ensure transparency of the ongoing discussions. The concerns of the data protection authorities must be taken seriously.

Alongside the CoE, the EU is also working on a new regime for simplified and expedited access to e-evidence following a Commission proposal of April 2018. For the discussion, see eucrim 3/2019, p. 181 with further references. For the state of play of the proposal, see the EP’s Legislative Observatory website. In parallel, the EU is also negotiating an e-evidence agreement with the USA (see eucrim 4/2019, p. 248 with further references). The USA has already established an e-evidence legal framework via its CLOUD Act.