Abstract
This chapter provides an overview of the legal framework addressing the exchange of electronic evidence and the implications related to privacy and data protection. While in Chap. 11 of this Volume, the current legal situation in general is reviewed, this chapter focuses specifically on privacy and data protection. Whereas many sources of law are subject to examination in both chapters—to a certain extent, this is in the nature of things, as they both deal with legal aspects—this review looks at the sources from a particular point of view. This chapter therefore follows a particular train of thoughts: after introducing the background and relevance of the protection of privacy in the collection and exchange of electronic evidence, and presenting the methodology used, the current European legal framework is examined about existing and applicable rules on data protection regarding electronic evidence, concluding with a final summary and recommendations for a future implementation of data protection standards.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Except some particular cases, in which (paper) files would be seized, e.g. in cases of tax crimes. Even in these cases, however, these files, other than modern smart phones or other mobile devices, typically would not contain comprehensive personal data repositories of the owner and all their peers.
- 2.
See Sect. 13.2.
- 3.
For example the practice of using a seized device to access data that may be stored in a cloud storage outside the jurisdiction in which operates the LEA accessing that data, results in questions regarding territorial competence, which have not yet found a unanimous answer.
- 4.
608185 EVIDENCE Description of Work—Part A—Page 4 of 6.
- 5.
Such as the principles of lawfulness, proportionality and purpose, the data subject’s rights to blocking, erasure and rectification, as well as information and access, storing time limits, particular protection of the special categories of personal data, limitations on automated decisions, data quality checks for transferred data, limitation of transfer to private parties, security of processing, legal remedies, prior consultation of data protection authorities, and similar.
- 6.
Charter of Fundamental Rights of the European Union (2010/C 83/02): http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE.
- 7.
Convention for the Protection of Human Rights and Fundamental Freedoms, http://www.echr.coe.int/Documents/Convention_ENG.pdf.
- 8.
Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union 2012/C 326/01; http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT.
- 9.
608185 EVIDENCE Description of Work—Part A—Page 4 of 6.
- 10.
Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union 2012/C 326/01; http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT.
- 11.
Convention for the Protection of Human Rights and Fundamental Freedoms, http://www.echr.coe.int/Documents/Convention_ENG.pdf.
- 12.
Charter of Fundamental Rights of the European Union (2010/C 83/02): http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE.
- 13.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals regarding the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.
- 14.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML.
- 15.
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF.
- 16.
Judgment of the Court (Grand Chamber) of 8 April 2014 (requests for a preliminary ruling from the High Court of Ireland (Ireland) and the Verfassungsgerichtshof (Austria))—Digital Rights Ireland Ltd (C-293/12) v Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, The Commissioner of the Garda Síochána, Ireland and the Attorney General, and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and Others (C-594/12), http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30dd27b7f477581446fabc2a85b30309ef55.e34KaxiLc3qMb40Rch0SaxuPc3v0?text=&docid=153045&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=610451.
- 17.
CJEU, Joined Cases C203/15 and C698/15, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1.
- 18.
See margin no. 107 of the judgement.
- 19.
- 20.
- 21.
Article 5 EEW.
- 22.
Article 7 paragraph (b) EEW.
- 23.
For more details see chapter XX “The European Legal Scenario, p. XX.
- 24.
Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000/C 197/01); http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2000:197:0001:0023:EN:PDF.
- 25.
- 26.
See Article 1 (1) a of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union.
- 27.
Convention on Cybercrime; http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.
- 28.
Recommendation 87 (15) of the Committee of Ministers to Member States Regulating the Use of Personal Data in the Police Sector, https://wcd.coe.int/com.instranet.InstraServlet?.
- 29.
See section 10, chapter 2.4 for general information on the role of Europol in the overall legal system.
- 30.
Council Decision 2009/371/JHA, https://www.europol.europa.eu/sites/default/files/council_ decision.pdf.
- 31.
- 32.
- 33.
- 34.
For further information, see section 10, chapter 2.4.
- 35.
See Official Journal of the European Union 2005/C 68/01, http://eurojust.europa.eu/doclibrary/Eurojust-framework/dataprotection/Eurojust%20Data%20Protection%20Rules/Eurojust-Data-Protection-Rules-2005-02-24-EN.pdf.
- 36.
- 37.
- 38.
Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679; http://www.europarl.europa.eu/registre/docs_autres_institution/commission_europeenne/com/2012/0011/COM_COM%282012%290011_EN.pdf.
- 39.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA; http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0680; http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2012/0010%28COD%29.
- 40.
Article 63 paragraph 2. and 3. 2016/680/EU.
- 41.
2017/0003 (COD), Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241.
- 42.
CJEU, 21.12.2016, Joined Cases C203/15 and C698/15, Marginal Numbers 76 et seq, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1380714.
- 43.
Ibid, Marginal Number 78.
- 44.
Lawful “hacking” of IT systems, if legal under a given domestic legal framework, should e.g. require subsequent undoing of all alterations applied to the infiltrated system and be governed by specific rules on how to prevent third parties from exploiting potential vulnerabilities created during the infiltration process.
References
CJEU: Joined Cases C203/15 and C698/15, http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1
Charter of Fundamental Rights of the European Union (2010/C 83/02) (2010). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12010P&from=DE
Consolidated Versions of the Treaty on European Union and the Treaty on the Funkctioning of the European Union (2012/C 326/01) (2012). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012E/TXT
Convention for the Protection of Human Rights and Fundamental Freedoms (1950). http://www.echr.coe.int/Documents/Convention_ENG.pdf
Convention on Cybercrime, CoE ETS. No. 185 (2001). http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000). http://www.bgbl.de/banzxaver/bgbl/start.xav?start=//*%5B@attr_id=%27bgbl205016.pdf%27%5D#__bgbl__%2F%2F*%5B%40attr_id%3D'bgbl205016.pdf'%5D__1409154081805
Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2000:197:0001:0023:EN:PDF
Council Decision 2009/371/JHA (2009). https://www.europol.europa.eu/sites/default/files/council_decision.pdf
Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (2008). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32008F0977&from=EN
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals regarding the processing of personal data and on the free movement of such data (1995). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (2002). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (2006). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data by competent authorities for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0680
Eurojust data protection rules (2005). http://eurojust.europa.eu/doclibrary/Eurojust-framework/dataprotection/Eurojust%20Data%20Protection%20Rules/Eurojust-Data-Protection-Rules-2005-02-24-EN.pdf
Eurojust Decision (2009). http://www.eurojust.europa.eu/doclibrary/Eurojust-framework/ejdecision/Consolidated%20version%20of%20the%20Eurojust%20Council%20Decision/Eurojust-Council-Decision-2009Consolidated-EN.pdf
European Convention on Mutual Assistance in Criminal Matters CETS No. 030 (1962). http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=030&CM=&DF=&CL=ENG
European Court of Justice: Judgment of the court (Grand Chamber) of 8 April 2014, joined cases C-293/12 and C-594/12 (2014). http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=361892
Europol cooperations with EU entities (2013). https://www.europol.europa.eu/content/page/europol-eu-121
Europol rules for analysis files (2009). https://www.europol.europa.eu/sites/default/files/rules_applicable_to_europol_analysis_files.pdf
Europol rules governing Europol’s relations with partners (2009). https://www.europol.europa.eu/sites/default/files/rules_governing_europols_relations_with_partners.pdf
608185 EVIDENCE Description of Work – Part A (2014)
Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications (2002). http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241
Recommendation 87 (15) of the Committee of Ministers to Member States Regulating the Use of Personal Data in the Police Sector. https://wcd.coe.int/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&InstranetImage=2196553&SecMode=1&DocId=694350&Usage=2 (1987)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (1997) http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679; http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2012/0011/COM_COM%282012%290011_EN.pdf (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Forgó, N., Hawellek, C., Knoke, F., Stoklas, J. (2018). Privacy Protection in Exchanging Electronic Evidence in Europe. In: Biasiotti, M., Mifsud Bonnici, J., Cannataci, J., Turchi, F. (eds) Handling and Exchanging Electronic Evidence Across Europe. Law, Governance and Technology Series, vol 39. Springer, Cham. https://doi.org/10.1007/978-3-319-74872-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-74872-6_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74871-9
Online ISBN: 978-3-319-74872-6
eBook Packages: Law and CriminologyLaw and Criminology (R0)