Skip to main content
SpringerLink
Log in

Privacy Protection in Exchanging Electronic Evidence in Europe

  • Chapter
  • First Online:
Handling and Exchanging Electronic Evidence Across Europe

Part of the book series: Law, Governance and Technology Series ((LGTS,volume 39))

  • 872 Accesses

Abstract

This chapter provides an overview of the legal framework addressing the exchange of electronic evidence and the implications related to privacy and data protection. While in Chap. 11 of this Volume, the current legal situation in general is reviewed, this chapter focuses specifically on privacy and data protection. Whereas many sources of law are subject to examination in both chapters—to a certain extent, this is in the nature of things, as they both deal with legal aspects—this review looks at the sources from a particular point of view. This chapter therefore follows a particular train of thoughts: after introducing the background and relevance of the protection of privacy in the collection and exchange of electronic evidence, and presenting the methodology used, the current European legal framework is examined about existing and applicable rules on data protection regarding electronic evidence, concluding with a final summary and recommendations for a future implementation of data protection standards.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 159.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Except some particular cases, in which (paper) files would be seized, e.g. in cases of tax crimes. Even in these cases, however, these files, other than modern smart phones or other mobile devices, typically would not contain comprehensive personal data repositories of the owner and all their peers.

  2. 2.

    See Sect. 13.2.

  3. 3.

    For example the practice of using a seized device to access data that may be stored in a cloud storage outside the jurisdiction in which operates the LEA accessing that data, results in questions regarding territorial competence, which have not yet found a unanimous answer.

  4. 4.

    608185 EVIDENCE Description of Work—Part A—Page 4 of 6.

  5. 5.

    Such as the principles of lawfulness, proportionality and purpose, the data subject’s rights to blocking, erasure and rectification, as well as information and access, storing time limits, particular protection of the special categories of personal data, limitations on automated decisions, data quality checks for transferred data, limitation of transfer to private parties, security of processing, legal remedies, prior consultation of data protection authorities, and similar.

  6. 6.

    Charter of Fundamental Rights of the European Union (2010/C 83/02): http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE.

  7. 7.

    Convention for the Protection of Human Rights and Fundamental Freedoms, http://www.echr.coe.int/Documents/Convention_ENG.pdf.

  8. 8.

    Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union 2012/C 326/01; http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT.

  9. 9.

    608185 EVIDENCE Description of Work—Part A—Page 4 of 6.

  10. 10.

    Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union 2012/C 326/01; http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT.

  11. 11.

    Convention for the Protection of Human Rights and Fundamental Freedoms, http://www.echr.coe.int/Documents/Convention_ENG.pdf.

  12. 12.

    Charter of Fundamental Rights of the European Union (2010/C 83/02): http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE.

  13. 13.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals regarding the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.

  14. 14.

    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML.

  15. 15.

    Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF.

  16. 16.

    Judgment of the Court (Grand Chamber) of 8 April 2014 (requests for a preliminary ruling from the High Court of Ireland (Ireland) and the Verfassungsgerichtshof (Austria))—Digital Rights Ireland Ltd (C-293/12) v Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, The Commissioner of the Garda Síochána, Ireland and the Attorney General, and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and Others (C-594/12), http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30dd27b7f477581446fabc2a85b30309ef55.e34KaxiLc3qMb40Rch0SaxuPc3v0?text=&docid=153045&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=610451.

  17. 17.

    CJEU, Joined Cases C203/15 and C698/15, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1.

  18. 18.

    See margin no. 107 of the judgement.

  19. 19.

    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:350:0072:0092:en:PDF.

  20. 20.

    See http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:350:0072:0092:en:PDF.

  21. 21.

    Article 5 EEW.

  22. 22.

    Article 7 paragraph (b) EEW.

  23. 23.

    For more details see chapter XX “The European Legal Scenario, p. XX.

  24. 24.

    Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000/C 197/01); http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2000:197:0001:0023:EN:PDF.

  25. 25.

    http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=030&CM=&DF=&CL=ENG.

  26. 26.

    See Article 1 (1) a of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union.

  27. 27.

    Convention on Cybercrime; http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.

  28. 28.

    Recommendation 87 (15) of the Committee of Ministers to Member States Regulating the Use of Personal Data in the Police Sector, https://wcd.coe.int/com.instranet.InstraServlet?.

  29. 29.

    See section 10, chapter 2.4 for general information on the role of Europol in the overall legal system.

  30. 30.

    Council Decision 2009/371/JHA, https://www.europol.europa.eu/sites/default/files/council_ decision.pdf.

  31. 31.

    https://www.europol.europa.eu/sites/default/files/rules_applicable_to_europol_analysis_files.pdf.

  32. 32.

    https://www.europol.europa.eu/sites/default/files/rules_governing_europols_relations_with_part ners.pdf.

  33. 33.

    See https://www.europol.europa.eu/content/page/europol-eu-121 and https://www.europol.europa.eu/content/page/external-cooperation-31.

  34. 34.

    For further information, see section 10, chapter 2.4.

  35. 35.

    See Official Journal of the European Union 2005/C 68/01, http://eurojust.europa.eu/doclibrary/Eurojust-framework/dataprotection/Eurojust%20Data%20Protection%20Rules/Eurojust-Data-Protection-Rules-2005-02-24-EN.pdf.

  36. 36.

    http://www.eurojust.europa.eu/doclibrary/Eurojust-framework/ejdecision/Consolidated%20version%20of%20the%20Eurojust%20Council%20Decision/Eurojust-Council-Decision-2009Consolidated-EN.pdf.

  37. 37.

    http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2012/0011%28COD%29.

  38. 38.

    Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679; http://www.europarl.europa.eu/registre/docs_autres_institution/commission_europeenne/com/2012/0011/COM_COM%282012%290011_EN.pdf.

  39. 39.

    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA; http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0680; http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2012/0010%28COD%29.

  40. 40.

    Article 63 paragraph 2. and 3. 2016/680/EU.

  41. 41.

    2017/0003 (COD), Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241.

  42. 42.

    CJEU, 21.12.2016, Joined Cases C203/15 and C698/15, Marginal Numbers 76 et seq, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1380714.

  43. 43.

    Ibid, Marginal Number 78.

  44. 44.

    Lawful “hacking” of IT systems, if legal under a given domestic legal framework, should e.g. require subsequent undoing of all alterations applied to the infiltrated system and be governed by specific rules on how to prevent third parties from exploiting potential vulnerabilities created during the infiltration process.

References

  1. CJEU: Joined Cases C203/15 and C698/15, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1

  2. Charter of Fundamental Rights of the European Union (2010/C 83/02) (2010). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE

  3. Consolidated Versions of the Treaty on European Union and the Treaty on the Funkctioning of the European Union (2012/C 326/01) (2012). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT

  4. Convention for the Protection of Human Rights and Fundamental Freedoms (1950). http://www.echr.coe.int/Documents/Convention_ENG.pdf

  5. Convention on Cybercrime, CoE ETS. No. 185 (2001). http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

  6. Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000). http://www.bgbl.de/banzxaver/bgbl/start.xav?start=//*%5B@attr_id=%27bgbl205016.pdf%27%5D#__bgbl__%2F%2F*%5B%40attr_id%3D'bgbl205016.pdf'%5D__1409154081805

  7. Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2000:197:0001:0023:EN:PDF

  8. Council Decision 2009/371/JHA (2009). https://www.europol.europa.eu/sites/default/files/council_decision.pdf

  9. Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (2008). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32008F0977&from=EN

  10. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals regarding the processing of personal data and on the free movement of such data (1995). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

  11. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (2002). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML

  12. Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (2006). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF

  13. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data by competent authorities for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0680

  14. Eurojust data protection rules (2005). http://eurojust.europa.eu/doclibrary/Eurojust-framework/dataprotection/Eurojust%20Data%20Protection%20Rules/Eurojust-Data-Protection-Rules-2005-02-24-EN.pdf

  15. Eurojust Decision (2009). http://www.eurojust.europa.eu/doclibrary/Eurojust-framework/ejdecision/Consolidated%20version%20of%20the%20Eurojust%20Council%20Decision/Eurojust-Council-Decision-2009Consolidated-EN.pdf

  16. European Convention on Mutual Assistance in Criminal Matters CETS No. 030 (1962). http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=030&CM=&DF=&CL=ENG

  17. European Court of Justice: Judgment of the court (Grand Chamber) of 8 April 2014, joined cases C-293/12 and C-594/12 (2014). http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=361892

  18. Europol cooperations with EU entities (2013). https://www.europol.europa.eu/content/page/europol-eu-121

  19. Europol rules for analysis files (2009). https://www.europol.europa.eu/sites/default/files/rules_applicable_to_europol_analysis_files.pdf

  20. Europol rules governing Europol’s relations with partners (2009). https://www.europol.europa.eu/sites/default/files/rules_governing_europols_relations_with_partners.pdf

  21. 608185 EVIDENCE Description of Work – Part A (2014)

    Google Scholar 

  22. Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications (2002). http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241

  23. Recommendation 87 (15) of the Committee of Ministers to Member States Regulating the Use of Personal Data in the Police Sector. https://wcd.coe.int/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&InstranetImage=2196553&SecMode=1&DocId=694350&Usage=2 (1987)

  24. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (1997) http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679; http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2012/0011/COM_COM%282012%290011_EN.pdf (2016)

Download references

Author information

Authors and Affiliations

  1. Institute for Legal Informatics, Leibniz Universität Hannover, Hannover, Germany

    Nikolaus Forgó, Christian Hawellek, Friederike Knoke & Jonathan Stoklas

Authors
  1. Nikolaus Forgó
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Hawellek
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Friederike Knoke
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jonathan Stoklas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikolaus Forgó .

Editor information

Editors and Affiliations

  1. ITTIG-Institute of Legal Information Theory and Techniques, CNR-National Research Council of Italy, Florence, Italy

    Maria Angela Biasiotti

  2. RUG-University of Groningen, Groningen, The Netherlands

    Jeanne Pia Mifsud Bonnici

  3. RUG-University of Groningen, Groningen, The Netherlands

    Joe Cannataci

  4. ITTIG-Institute of Legal Information Theory and Techniques, CNR-National Research Council of Italy, Florence, Italy

    Fabrizio Turchi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Forgó, N., Hawellek, C., Knoke, F., Stoklas, J. (2018). Privacy Protection in Exchanging Electronic Evidence in Europe. In: Biasiotti, M., Mifsud Bonnici, J., Cannataci, J., Turchi, F. (eds) Handling and Exchanging Electronic Evidence Across Europe. Law, Governance and Technology Series, vol 39. Springer, Cham. https://doi.org/10.1007/978-3-319-74872-6_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-74872-6_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-74871-9

  • Online ISBN: 978-3-319-74872-6

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation