Opinion on the Proposal for a Regulation of the European Parliament and of the Council on European production and preservation orders for electronic evidence in criminal matters - General approach of the Council dated 11th June 2019 (10206/19)
The German Association of Judges welcomes the efforts to regulate the preservation and production of electronic evidence in criminal matters across the European Union. These efforts meet the requirements of practical criminal investigations to obtain knowledge of the data, content and persons involved in telecommunications as soon as possible and above all without loss of data.
However, the acceleration and simplification of access to data is “bought” with losses and risks to the rule of law. Direct access to foreign service providers for the issuing State also implies a risk of loosing legal and constitutional control in the enforcing State. In this conflicting situation of the benefits and risks involved in simplified access to data across the European Union, it is important to make sure to find a right and acceptable balance.
Further readjustment is required here, in particular to define more clearly the scope of the European Production Order (EPOC) and the European Preservation Order (EPOC-PR) and to allow the enforcing Member State to carry out more of an own assessment and control of such an order than has been proposed until now.
B. Detailed assessment
I. On the scope of the EPOC and EPOC-PR:
The intended scope of the European Production and Preservation Order is extensive; as far as the preservation of data and the production of subscriber and access data is concerned, it is practically unlimited. In these cases, access is provided as long as the production or preservation of data is proportionate and a similar order is available for the same criminal offence in a comparable domestic situation.
Limiting the issue of transactional or content data to criminal offences, which carry a three-year maximum sentence in the issuing State, would in practice not lead to a significant limit on the scope of application. In fact, criminal offences according to German law, such as slander, defamation or libel (§§ 185 et seq. of the German penal code) would be excluded from the cross-border transfer of transactional and content data. However, the extent to which this applies to other Member States, is completely open, since there is no harmonisation of criminal offences and sanctions across the European Union. This means that in some cases the EPOC/EPOC-PR enables the collection of cross-border evidence which could not be requested by means of classic mutual judicial assistance because the offence committed in the issuing State is in fact not a criminal offence in the enforcing State. This extensive renunciation of dual criminality is all the more serious as with the extensive scope of the EPOC/EPOC-PR there are only reduced or no domestic examinations of the legality of orders by a national court of the enforcing State.
In order to achieve a lawful and constitutional balance, simplified and accelerated access to data across the European Union must be counterbalanced by a proviso that this action can only take place under conditions that also apply in the enforcing State. It would be conceivable and desirable to reach a consensus – as it is the case for a variety of European mutual legal assistance instruments – on a catalogue of criminal offences. This catalogue would make sure the dual criminality of the relevant offences and at the same time determine the standard for what minimum kind of criminal offence the request to issue content data should be permitted. The European Union should not resort to the uncertain and across the EU non-uniform criterion of a maximum sentence.
II. On the notification procedure for the EPOC for content data:
In view of the general renunciation of legal control by the enforcing State, the introduction of a notification procedure for content data by the Council’s general approach of 30 November 2018 is an important step in the right direction. However, this should be done also for transactional data. This type of data, particularly location information, can be used for example to provide a definitive picture of the movements of the person concerned. Also other communication data can, as part of the overall picture, provide information about the lifestyles of the person concerned and therefore lead to a deep intrusion into privacy and into their right of informational self-determination.
III. On the consultation procedure for the EPOC for transactional data:
The consultation procedure described in the General Approaches of 30 November 2018 and 11 June 2019 for the issue of transactional data in cases in which the issuing authority has reason to believe that the person whose data is being sought is residing in another Member State, is not sufficient in itself to achieve the requested protection of the person concerned.
The reason is that it only applies when the issuing State furthermore has justified reason to assume that the data concerned could be “privileged” and under special protection of the law of the enforcing State. As a result, this very sensitive examination - in particular with regards to aspects of freedom of press and freedom of expression - is withdrawn from the enforcing State and transferred to the issuing State and to the private service provider, which will often not have sufficient information for such a kind of assessment.
A consultation procedure would only be effective if – as in the case of notification concerning content data – already the place of residence of the person concerned being outside the issuing State provided a reason for consultation. It would seem reasonable to provide such a consultation procedure also in case of the production of content data. Even though there is a subsequent notification procedure, it would help to accelerate the procedure if potential reasons to rule out the issue were checked before releasing the order.
IV. On the binding effect of raised objections in the notification and consultation procedure:
Insofar as the General Approach of 30 November 2018 provides for immunities and other privileges, which are granted under the law of the enforcing State, as well as provisions on the determination and limitation of criminal liability with regards to freedom of press and freedom of expression to be claimed in a notification procedure (content data) or a consultation procedure (transactional data), the draft regulation does not make it clear enough that the issuing State is obliged to follow the objections raised in the notification procedure. The risk of access to data across the Union, however, is only acceptable if the enforcing State can claim their objections in terms of a “hard right to object”.
V. On the speciality principle:
The General Approach of 30 November 2018 stipulates that the data requested shall only be used for the purpose of proceedings other than those for which it was obtained if they are used for proceedings for which a European Production Order could have been issued. In such a case of “secondary or additional use”, it seems to be appropriate and advisable to carry out a new notification procedure. This is the only way to ensure that the enforcing State can check, for example, aspects of freedom of speech and immunity in the light of other alleged crimes and object them where appropriate.
VI. On the duration of data preservation:
From the point of view of practical criminal investigations, it would be desirable to extend the duration of data preservation beyond 60 days or at least to allow for a further period of 60 days of data preservation so as not to “provoke” European Production Orders before the relevance of the requested data can be assessed in ongoing investigations.