Tech firms may be forced to hand user data to police under new EU rules
The European Commission (EC) has proposed new rules that could see technology companies like Google and Facebook being forced to hand over user data to law enforcement agencies.
The rule would apply even if the data is stored on servers that are located outside of the European Union.
The EC said it wants to “make it easier and faster for police and judicial authorities to obtain the electronic evidence, such as e-mails or documents located on the cloud, they need to investigate, prosecute and convict criminals and terrorists.”
The European Union executive says the proposed law is necessary because current legal procedures between countries to obtain such electronic evidence can drag on for months.
“Electronic evidence is increasingly important in criminal proceedings,” said European Commission Vice-President Frans Timmermans.
“We cannot allow criminals and terrorists to exploit modern and electronic communication technologies to hide their criminal actions and evade justice.
“Today's proposals will put in place unprecedented tools enabling the competent authorities not only to gather electronic evidence quickly, efficiently across borders but also ensuring robust safeguards for the rights and freedoms of all affected.”
Digital borders are a growing global issue in an era where big companies operate so-called cloud networks of giant data centres, which mean that an individual’s data can reside anywhere.
Technology companies have found themselves torn between protecting consumers’ privacy while cooperating with law enforcement. The political pressure has intensified after Islamist-inspired attacks across Europe in recent years.
The EC claims that almost two thirds of crimes where electronic evidence is held in another country cannot be properly investigated or prosecuted, mainly due to the time it takes to gather such evidence or the fragmentation of the legal framework.
The United States recently moved to address the same problem, passing a law making it clear that US judges could issue warrants for data held abroad while giving companies an avenue to object if the request conflicts with foreign law.
Prosecutors and police will have to ask a judge to approve their request for electronic evidence where it concerns more sensitive data, such as the actual content of messages, emails, pictures and videos.
The proposal will apply only in cases where crimes carry a minimum jail sentence of three years. In cases of cybercrime there will be no minimum penalty requirement.
Where companies find themselves in a conflict-of-law situation because the country where data is stored forbids them from handing it over to a foreign authority, they will be able to challenge the seizure request.
Facebook is currently one of 30 companies under investigation by the Information Commissioner’s Office in the UK after it was accused of using personal data for political purposes.