Cross-border access to data for law enforcement: Document pool

The European Commission proposed a Regulation on cross-border access to and preservation of electronic data held by service providers and a Directive to require service providers to appoint a legal representative within the EU in April 2018.

On 7 December 2018, the Council of the European Union reached a general approach on the text, that is to say a political agreement on a negotiating position to enter the negotiations with the European Parliament. The Civil Liberties, Justice and Home Affairs Committee of the Parliament decided to first make a thorough assessment in a series of working documents of the Commission’s proposal before adopting its position. Rapporteur Birgit Sippel MEP released her draft report in November 2019. After a year of negotiations disrupted by the COVID-19 crisis, the final report was adopted by the Committee on 7 December. The trilogue negotiations between the Parliament and the Council begun in February 2021 and ended in December 2022 with a final compromise text.

The United States, adopted its own piece of legislation in a rush, the US Clarifying Lawful Use of Overseas Data (CLOUD) Act. The bill allows to access data stored outside of US territory while bypassing the legal safeguards of traditional international cooperation frameworks.

In parallel, the Council of Europe (CoE) has been also preparing a new protocol to the Convention on Cybercrime (also known as “the Budapest Convention”) on cross-border access to data by law enforcement authorities. This Second Protocol was finalised in May 2021 and formerly adopted on 17 November 2021 by the Committee of Ministers of the Council of Europe. The text will be opened for signature in May 2022. On 25 November 2021, the European Commission published two proposals for Council decisions authorising Member States to sign and to ratify the Protocol, in the interest of the European Union. On 17 January 2023, the European Parliament gave its consent for the adoption of the Council decision authorising the ratification.

EDRi has been sending submissions to all institutions to ask for human rights to be respected. In this document pool, you will find the relevant information, documents and analyses on the e-evidence proposals. We’ve been updating this document pool as the process advanced.

Last update: 6 June 2023.

Table of Contents

European Union legislative process
EDRi’s analysis and recommendations
Legislative and institutional documents
EDRi’s blogposts and press releases
Key policymakers
Other

Council of Europe Second Additional Protocol to the Budapest Convention
EDRi’s recommendations
Official draft provisions
EDRi’s blogposts and press releases

---

European Union’s legislative process

EDRi’s analysis and recommendations:

• EDRi’s response to the public consultation on improving cross-border access to electronic evidence in criminal matters organised by the European Commission (27.10.2017)
• Position paper on the Commission’s proposal for cross-border access to data for law enforcement purposes (12.04.2019)
• Joint letter of the e-evidence coalition to the European Parliament’s Civil Liberties Committee (14.09.2020)
• Joint letter: Trilogue negotiations on the e-evidence proposal. European media and journalists, civil society groups, professional organisations and technology companies call on decision makers to protect fundamental rights (18.05.2021)
• Demonstrating gaps in the e-Evidence Regulation (20.10.2021)
• Comments on the Council’s reaction to the European Parliament’s proposals for compromise addressed to the Rapporteur in a letter dated 17 March 2022 (04.05.2022)
  
• Joint letter: Political compromise on the e-evidence proposal European media and journalists, civil society groups and technology companies call on decision-makers to improve fundamental rights protections (22.11.2022)

Legislative and institutional documents:

• European Commission
  • Commission’s Proposal for a Regulation (17.04.2018)
  • Commission’s Proposal for a Directive (17.04.2018)
  • Commission’s Impact Assessment on both proposals (17.04.2018)
  • Commission’s Report of open public consultation on e-evidence (20.04.2019)
  • Council’s Recommendation authorising the opening of negotiations in view of an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters and its annex (05.02.2019)
  • Council’s Recommendation authorising the participation in negotiations on a second Additional Protocol to the
    Council of Europe Convention on Cybercrime and its annex (05.02.2019)
• Council
  • Council negotiating position (adopted on 12.12.2018)
• European Parliament
  • Civil Liberties Committee (LIBE)
    • 1st working document (07.12.2018)
    • 2nd (A, B) and 3rd (A, B) working documents (13.02.2019)
    • 4th (A, B, C) and 5th (A, B, C) working documents (11.03.2019)
    • 6th (A, B, C) and 7th working documents (01.04.2019)
    • Draft report (11.11.2019)
    • LIBE amendments: AMs 268 – 582 & AMs 583 – 841
    • Final report (11.12.2020)
• Trilogues
  • French Council Presidency note to JHA Counsellors (leaked by Statewatch) (17.06.2022)
  • Portuguese Council Presidency report on the State of Play (leaked by Statewatch) (30.06.2021)
  • Slovenian Council Presidency note on state of play and possible ways forward (leaked by Statewatch) (16.09.2021)
  • Slovenian Council Presidency updated note on state of play and way forward (leaked by Statewatch)(30.09.2021)
  • Final compromise text put to the vote (25.01.2023)
• European Data Protection Supervisor
  • Opinion of the European Data Protection Supervisor (EDPS) on the negotiating mandate of an EU-US agreement on cross-border access to electronic evidence (02.04.2019)
  • Opinion of the EDPS regarding the participation in the negotiationsin view of a Second Additional Protocol to the Budapest Cybercrime Convention (02.04.2019)
  • Opinion of the EDPS on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters (08.11.2019)
• Others
  • Article 29 Working Party statement on data protection and privacy aspects of cross-border access to electronic evidence (29.11.2017)
  • Opinion of the European Economic and Social Committee on evidence in criminal proceedings (11.07.2018)
  • Opinion of the European Data Protection Board (26.09.2018)

More information in EUR LEX (EU Database on preparatory acts) and OEIL (European Parliament’s Legislative Observatory)

EDRi’s blogposts and press releases:

• e-Evidence compromise blows a hole in fundamental rights safeguards (07.02.2023)
• “e-Evidence” trilogues: what’s left of fundamental rights safeguards? (22.11.2022)
• “E-evidence” negotiations: European Parliament must stand its grounds (04.05.2022)
• E-evidence regulation: Why it matters for medical confidentiality? (19.01.2022)
• Stories reveal profound flaws in the “e-Evidence Regulation” (20.10.2021)
• “E-evidence” state of play: Building compromises, sweeping rights under the carpet (06.10.2021)
• “E-evidence” negotiations: a call to protect media freedoms and democratic rights from abusive cross-border orders (19.05.2021)
• “E-evidence”: Mixed results in the European Parliament (09.12.2020)
• EDRi with 25 organisations urge Parliament to protect journalists, doctors, lawyers, social services (14.09.2020)
• E-evidence and human rights: The Parliament is not quite there yet (04.03.2020)
• Click here to allow notifications in cross-border access to data (26.02.2020)
• Double legality check in e-evidence: Bye bye “direct data requests” (12.02.2020)
• “E-evidence”: Repairing the unrepairable (14.11.2019)
• EU rushes into e-evidence negotiations without common position (19.06.2019)
• LIBE Committee analysis: Challenges of cross-border access to data (13.02.2019)
• EU Council’s general approach on “e-evidence”: From bad to worse (19.12.2018)
• Growing concerns on “e-evidence”: Council publishes its draft general approach (05.12.2018)
• Joint Civil society letter to Member States about their draft position on “e-evidence” (05.12.2018)
• Independent study reveals the pitfalls of “e-evidence” proposals (10.10.2018)
• Wiretapping & data access by foreign courts? Why not! (13.06.2018)
• EU “e-evidence” proposals turn service providers into judicial authorities (17.04.2018)
• CLOUD Act: Civil society urges US Congress to consider global implications (19.03.2018)
• Access to e-evidence: Inevitable sacrifice of our right to privacy? (14.06.2017)
• RightsCon session on cross-border access to e-evidence – key interventions (10.04.2017)

Key policymakers

European Parliament Lead Committee: Civil Liberties, Justice and Home Affairs (LIBE)

• Rapporteur: Birgit Sippel (S&D)
• Shadow Rapporteurs:
  • Nuno Melo (EPP)
  • Lucia Ďuriš Nicholsonová (ECR)
  • Moritz Körner (RE)
  • Cornelia Ernst (GUE/NL)
  • Sergey Lagodinski (Greens/EFA)
  • Annalisa Tardino (ID)

Key dates*:

• Commission
  • Proposal release: 12/04/2018
• LIBE
  • Deadline for tabling amendments: 27.11.2019
  • Vote on the Report: 7 December 2020
• Trilogues
  • Start: February 2021
  • Next political meeting: October 2022
• Final votes
  • European Parliament’s Civil Liberties Committee (LIBE) vote: 31 January 2023
  • European Parliament’s plenary vote: 13 June 2023

*subject to change

Other:

• Free Knowledge Advocacy Group EU, E-Evidence: trilogues kick off on safeguards vs. efficiency (07.04.2021)
• Free Knowledge Advocacy Group EU, E-Evidence: Let’s Keep Reader Data Well Protected! (15.01.2021)
• European Parliament Research Service’s assessment of the Commission’s proposals on electronic evidence (09.2018)
• Joint Civil society letter to the Members of the US Congress on the US CLOUD Act (19.03.2018)

Council of Europe Second Additional Protocol to the Budapest Convention

EDRi’s recommendations:

• Key points regarding the Cybercrime Convention Convention Committee (T-CY) report: Criminal justice access to electronic evidence in the cloud: Recommendations for consideration by the T-CY by Prof. Douwe Korff (16.09.2016)
• Letter to the Council of Europe Steering Committee on Media and Information Society on the final report of the T-CY Cloud Evidence Group (10.11.2016)
• Position paper on the Cybercrime Convention – cross-border access to electronic evidence (17.01.2017)
• Joint Civil society letter to the Secretary General of the Council of Europe on the draft Second Additional Protocol to the Convention on Cybercrime (03.04.2018)
• Joint Civil Society Response to Discussion Guide on a 2nd Additional Protocol to the Budapest Convention on Cybercrime (28.06.2018)
• Comments on the provisional draft text on “emergency mutual assistance” and “languages of requests” of the Cybercrime Convention Committee (T-CY) (20.02.2019)
• Joint Civil Society Response to the provisional draft text of the Second Additional Protocol to the Budapest Convention on Cybercrime (08.11.2019)
• Joint Civil Society Response to the provisional draft text on “Joint investigation teams and joint investigations”, “Expedited disclosure of stored computer data in an emergency” and “Requests for domain name registration information” (15.12.2020)
• Joint Civil Society letter for the 6th round of consultation on the Cybercrime Protocol on the first complete draft of the Protocol (02.05.2021)
• Privacy & Human Rights in Cross-Border Law Enforcement. Joint Civil Society Comment to the Parliamentary Assembly of the Council of Europe (PACE) on the Second Additional Protocol to the Cybercrime Convention (CETS 185) (02.08.2021)
• Ratification by EU Member States of the Second Additional Protocol of the Council of Europe Cybercrime Convention. Why is the opinion of the Court of Justice of the European Union necessary? (13.04.2022)

Official draft provisions

Final texts (explanatory report and executive protocol) available in this press release.

Visit the Council of Europe’s website to follow the consultations rounds.

EDRi’s blogposts and press releases

• New Cybercrime Protocol will undermine our privacy to compensate for the rising powers of law enforcement authorities (13.04.2022)
• EFF to Council of Europe: Flawed Cross Border Police Surveillance Treaty Needs Fixing (08.02.2021)
• Council of Europe’s Actions Belie its Pledges to Involve Civil Society in Development of Cross Border Police Powers Treaty (23.07.2021)
• Civil society warn against rushed global treaty for intrusive cross-border police powers (08.06.2021)
• New Cybercrime Protocol: weak safeguards against big risks of abuse (19.05.2021)
• New Cybercrime Protocol: More overreach, still no data protection safeguards (21.12.2020)
• Transborder data access: Strong critics on plans to extend CoE Cybercrime Treaty (05.06.2013)
• RightsCon session on cross-border access to e-evidence – key interventions (10.04.2017)
• Cross-border access to data: EDRi delivers international NGO position to Council of Europe (18.09.2017)
• New Protocol on cybercrime: a recipe for human rights abuse? (25.07.2018
• Cross-border access to data has to respect human rights principles (20.09.2017)
• Nearly 100 public interest organisations urge Council of Europe to ensure high transparency standards for cybercrime negotiations (03.04.2018)