This study examines the challenges to European law posed by third-country access to data held by private companies for purposes of law-enforcement investigations in criminal proceedings. The proliferation of electronic communications is putting cloud-computing companies under severe strain from multiple demands from the authorities to acquire access to such data.
A key challenge for the EU emerges when third-country authorities request access to data held by private companies under EU jurisdiction outside pre-established channels of cooperation, in particular outside Mutual Legal Assistance (MLA) treaties. The EU concluded an MLA agreement with the United States in 2003, which sets the rules and procedures for lawful and legitimate access to evidence. A key distinguishing feature of the MLA-led process is that any request for access to data is “mediated” by or requires the consent of the state authority to whom the request is submitted as well as scrutiny by an independent judicial authority.
Special focus is given to practical issues emerging in EU-US relations covering mutual legal assistance and evidence-gathering for law enforcement purposes in criminal proceedings. The fundamental question guiding this enquiry is how best to ensure that the rule of law and trust-based methods are respected in these proceedings.
The authors carried out a detailed survey of the main EU legal instruments and their standards, underlining their direct relevance for assessing the lawfulness and legitimacy of access to data. They then outline three possible scenarios for the future and put forward a set of policy recommendations for addressing these challenges.