Skip to main content
Top

2023 | OriginalPaper | Chapter

Legal Framework for Digital Evidence Following the Implementation of the EIO Directive: Status Quo, Challenges and Experiences in Member States

Authors : Melania Tudorica, Jeanne Mifsud Bonnici

Published in: European Investigation Order

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Currently, the leading legal instrument for the exchange of digital evidence within the European Union (EU) is the European Investigation Order (EIO), which will be digitised within the eEDES system. The EIO Directive 2014/41/EU was implemented to create a simpler, unified European framework on the collection of evidence within the EU, backed by the appropriate procedural and fundamental rights standards. In spite of this, there is still a lot of fragmentation in the legal framework as regards digital evidence, especially considering that the EIO does not apply to all countries equally or to the collection of all types of evidences equally. For EU states that have opted out of the EIO Directive, such as Ireland and Denmark, traditional Mutual Legal Assistance (MLA) legal instruments need to be relied upon.
The fragmentation is a result of a scattered legal framework which consists of national, European and international laws and regulations, bilateral agreements and multilateral agreements which all play a role in regulating the gathering, analysis and exchange of digital evidence. Countries cooperate by way of MLA in cross-border criminal cases and exchange digital evidence based on these instruments. The choice of instrument depends on the countries involved and the type of information needed. With the EIO now being the leading legal instrument for exchanging evidence, the choice of legal instrument for requesting evidence seems to be clearer. However, uncertainty about this legal instrument and the fact that some Member States have opted out of the EIO Directive are still challenging the exchange of evidence and leading to Member States relying on traditional MLA legal instrument. These MLA legal instruments are slower as they can take a long time to be executed. This can be problematic considering the volatile nature of digital evidence, which can easily be moved, altered or even deleted.
This Chapter is devoted to understanding the current legal framework for the exchange of digital evidence, including data protection considerations, and the challenges that come with it in the post-EIO implementation era. The focus of this Chapter will be on the European situation as the EIO Directive will be the central legal instrument discussed in this chapter. This Chapter combines the results of the INSPECTr project and the Evidence 2 E-codex project and also uses experiences from the TREIO project (For the INSPECTr project see https://​inspectr-project.​eu and INSPECTr Deliverable D2.1: Intelligence Network and Secure Platform for Evidence Correlation and Transfer, Deliverable D2.1, Initial Legislative compliance relating to law-enforcement powers and evidence requirements; For the EVIDENCE 2 E-codex project see: https://​evidence2e-codex.​eu and Deliverables D2.1 and D2.2: EVIDENCE2E-CODEX Deliverable D2.1, Linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe—Report on implementation of EIO; EVIDENCE2E-CODEX Deliverable D2.2, Linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe—Report on EIO and MLA; For the TREIO project see https://​treio.​eu, project ongoing.).

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Footnotes
1
Some countries may have a common law legal system where the body of law is mainly derived from case whereas other countries may have a civil law legal system where the body of law is derived from codified legal Acts. Civil law can furthermore be divided within different ‘schools’, by which the body of law is influenced, such as Napoleonic and Germanic law.
 
2
United Nations Office on Drugs and Crime, Comprehensive Study on Cybercrime, draft February 2013, p. 158.
 
3
Ireland has signed the Cybercrime Convention, but not ratified it. While signing means that the terms of the Convention have been agreed upon by the States Parties to the convention, ratification is required following national procedures in order to become binding law. Ireland has however implemented the EU’s Directive on Security of Network and Information Systems (NIS), which has provisions that are similar to the provisions of the Cybercrime Convention. As such, Ireland has already partly given effect to the provisions of the Cybercrime Convention. Ratification of the Cybercrime Convention will most likely follow after the entry into force of a new Irish Cybercrime Act. See http://​www.​justice.​ie/​en/​JELR/​Pages/​SP19000010.
 
4
In the case of Ireland for example, MLA to and from Ireland cannot be requested based upon the EIO or the Cybercrime Convention: other legal instruments need to be resorted to.
 
6
World’s largest international police organisation under international law, global coordinating body, aiding in mutual assistance, also provides targeted training, expert investigative support, relevant data and secure communications channels and facilitates international police cooperation.
 
7
The European Police Office (Europol) assists Member States in their fight against serious international crime and terrorism. It also includes the Europol European cybercrime centre (EC3) specialised in cybercrimes.
 
8
Eurojust assists Member States when dealing with cross border criminal matters by stimulating and improving cooperation and coordination of investigations and prosecutions between Member States, for example by facilitating the execution of international MLAs and extradition requests.
 
9
The European Network and Information Security Agency (ENISA) is the EU’s centre of expertise for the purpose of ensuring a high and effective level of network and information security within the EU which assists the EU and the Member States and cooperates with the private sector.
 
10
As indicated by the Estonian respondent in the INSPECTr project, see: Intelligence Network and Secure Platform for Evidence Correlation and Transfer, Deliverable D2.1, Initial Legislative compliance relating to law-enforcement powers and evidence requirements.
 
11
As these MLA legal instruments cannot be left out of the equation considering that they are still in effect and the EIO does not apply to all Member States.
 
12
Treaty of Lisbon amending the Treaty on European Union and the Treaty Establishing the European Community [2007] OJ C 306/01.
 
13
Consolidated version of the Treaty on the Functioning of the European Union [2012] OJ C 326/47.
 
14
Article 67 (3) TFEU.
 
15
See Article 4 (2) of the Treaty on the European Union (TEU): Consolidated version of the Treaty on European Union [2012] OJ C 326/13.
 
16
Chalmers et al. (2010, p. 582).
 
17
See Article 83 (1) TFEU.
 
18
See Article 82 (1) TFEU.
 
19
Joint communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace [2013] JOIN(2013) 1 final, p 9–15; see also Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA [2013] OJ L 218, Recital 15.
 
20
Convention on Cybercrime [2001] ETS No. 185.
 
21
European Convention on Mutual Assistance in Criminal Matters [1959] ETS No. 030.
 
22
Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters [1978] ETS No. 099.
 
23
Council of Europe Data Protection and Cybercrime Division, Electronic Evidence Guide A basic guide for police officers, prosecutors and judges version 1.0, Strasbourg, France, 18 March 2013.
 
24
Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters [2014] OJ L131/1.
 
25
A number of (corresponding provisions of) other legal instruments were replaced by the EIO Directive, this includes the European Convention on Mutual Assistance in Criminal Matters (including Protocols and bilateral agreements); the Convention implementing the Schengen Agreement; the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union and its protocol; and the European Evidence Warrant Framework Decision. See Article 34 of the EIO Directive.
 
26
Espina Ramos (2019, p. 53).
 
27
See Recital 35 EIO Directive.
 
29
Article 6 EIO Directive.
 
30
See Article 9(1) EIO Directive.
 
31
Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union [2000] OJ C 197/3.
 
32
Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union [2000] OJ C 197/1.
 
33
Article 1 Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000/C 197/01) [2000] OJ C 197/3.
 
34
Article 3 Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000/C 197/01) [2000] OJ C 197/3.
 
35
Articles 5 and 6 Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union (2000/C 197/01) [2000] OJ C 197/3.
 
36
The Schengen acquis—Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders [2000] OJ L 239/19. See also: Regulation (EC) no 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) [2006] OJ L 381/4; Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) [2007] OJ L 205/63; Regulation (EC) No 1986/2006 of the European Parliament and of the Council of 20 December 2006 regarding access to the Second Generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates [2006] OJ L 381/1.
 
37
For more in-depth analysis of these limitations see for example: Velicogna (2014, pp. 185–215) and Bellanova and Glouftsios (2022, pp. 160–184).
 
38
Article 1 (1) EAW Decision.
 
39
Surrender of the suspect by one police force to another foreign police force.
 
40
Article 10 (3) EAW Decision.
 
41
Chalmers et al. (2010, cit., p. 599) and De Sousa Santos (2010).
 
42
Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union [2006] OJ L 386/89.
 
43
Article 1 (1) and Recital 4 Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union [2006] OJ L 386/89.
 
44
See Article 3 Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union [2006] OJ L 386/89.
 
45
European Convention on Mutual Assistance in Criminal Matters [1959] ETS No. 030.
 
46
Article 1 (1) European Convention on Mutual Assistance in Criminal Matters [1959] ETS No. 030.
 
47
Article 3 (1) European Convention on Mutual Assistance in Criminal Matters [1959] ETS No. 030.
 
48
Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters [1978] ETS No. 099 and Second Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters [2001] ETS No. 182.
 
49
Article 4 (1) Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters [2001] ETS No. 182.
 
50
Article 4 (7) Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters [2001] ETS No. 182.
 
51
Convention on Cybercrime [2001] ETS No. 185. As of 2021, the Cybercrime Convention currently has 65 ratifications and 3 signatures not yet followed by ratification.
 
52
See Council of Europe, “Explanatory report to the Convention of Cybercrime” (ETS No 185), p. 4.
 
53
Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence. The Second Additional Protocol will be opened for signature in May 2022.
 
55
Recommendation for a Council Decision authorising the opening of negotiations in view of an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters, COM(2019) 70 final.
 
56
Recommendation for a Council Decision authorising the participation in negotiations on a second Additional Protocol to the Council of Europe Convention on Cybercrime (CETS No. 185), COM(2019) 71 final.
 
57
Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters, COM (2018) 225 final.
 
58
Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings, COM (2018) 226 final.
 
59
See Article 2 of the Proposed Regulation.
 
61
Charter of Fundamental Rights of the European Union [2000] OJ C 364/01.
 
62
Interference may take place if it is provided for by law; necessary and proportionate in a democratic society and in the interests of national security, public safety or the economic well-being of the country; for the prevention of disorder or crime; for the protection of health or morals; or for the protection of the rights and freedoms of others.
 
63
Safeguards include for example judicial or other independent supervision, grounds justifying application, limitation of the scope and the duration of investigative powers and procedures.
 
64
Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms [1950] ETS No. 005 and Article 7 of the Charter of Fundamental Rights of the European Union [2000] OJ C 364/01.
 
65
Article 8 of the Charter of Fundamental Rights of the European Union [2000] OJ C 364/01 and Article 16 (1) of the Consolidated version of the Treaty on the Functioning of the European Union [2012] OJ C 326/47.
 
66
Convention for the protection of individuals with regard to automatic processing of personal data [1981] ETS No. 108. Convention 108 was modernised in 2018 by the adoption of the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data [2018] ETS No. 223 and is now referred to as Convention 108+.
 
67
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281/31.
 
68
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1, hereinafter GDPR.
 
69
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA [2016] OJ L 119/89.
 
70
Personal data as any information that can directly or indirectly identify or help to identify a person. Indirectly identifiable means that data relates to an individual, but not necessarily immediately identifies the individual. This is also considered to be personal data considering that an individual can still be identified by combining the data with other sources.
 
71
See Recital 15 GDPR.
 
72
See Article 2 GDPR.
 
73
See recital 10 LED.
 
74
See recital 11 LED.
 
75
See recital 15 LED.
 
76
See recital 7 LED.
 
77
See recital 26 LED.
 
78
Ibidem.
 
79
Article 5 LED.
 
80
Article 29 LED.
 
81
Article 6 LED.
 
82
Article 10 LED.
 
83
Article 35 LED.
 
84
Article 36 LED.
 
85
Article 37 LED.
 
86
Article 38 LED.
 
88
See answers provided to the questionnaire in the INSPECTr project: Intelligence Network & Secure Platform for Evidence Correlation and Transfer, Deliverable D2.1, Initial Legislative compliance relating to law-enforcement powers and evidence requirements.
 
89
As opposed to a Regulation for instance, which is directly applicable to all Member States.
 
90
See for more information on EIO practices in Member States: Report from the Commission to the European Parliament and the Council on the implementation of Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters (COM/2021/409 final), available at https://​eur-lex.​europa.​eu/​legal-content/​EN/​TXT/​?​uri=​CELEX%3A52021DC0409&​qid=​1650539233383; Eurojust, European Judicial Network, Joint Note of Eurojust and the European Judicial Network on the practical application of the European Investigation Order, 2019, ISBN: 978-92-9490-398-3, available at https://​www.​eurojust.​europa.​eu/​sites/​default/​files/​assets/​eurojust_​ejn_​joint_​note_​practical_​application_​european_​investigation_​order.​pdf; Eurojust, Report on Eurojust’s casework in the field of the European Investigation Order, 2020, ISBN: 978-92-9490-502-4, available at https://​www.​eurojust.​europa.​eu/​sites/​default/​files/​2020-11/​2020-11_​EIO-Casework-Report_​CORR_​.​pdf.
 
91
See EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, pp. 33–36.
 
92
Some best practices have been developed to handle translation issues, this includes a request for a new translation and asking Eurojust for assistance. This can however delay the process even further. See EVIDENCE2E-CODEX Deliverable D2.1, Linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, p. 30.
 
93
Ruggeri (2014, p. 8).
 
94
Schunemann (2014, p. 29) and Arasi (2014, p. 135).
 
95
See for more on this debate: EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO.
 
96
See EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, p. 30.
 
97
See EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, p. 31.
 
98
I.e. Ireland and Denmark.
 
99
See EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, p. 29.
 
100
See Recital 35 EIO directive. For a more extensive overview of challenges see Guerra and Janssens (2019, pp. 46–53).
 
101
See Sayers (2011, p. 8) and Jurka and Zajanckauskiene (2016, p. 56).
 
102
Belfiore (2014, p. 101). See EVIDENCE2E-CODEX deliverable D2.1, linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe: report on implementation of EIO, p. 26 and answers to the questionnaire.
 
103
Espina Ramos (2019, p. 53).
 
Literature
go back to reference Arasi S (2014) The EIO proposal and the rules on interception of telecommunications. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin Arasi S (2014) The EIO proposal and the rules on interception of telecommunications. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin
go back to reference Belfiore R (2014) Critical remarks on the proposal for a european investigation order and some considerations on the issue of mutual admissibility of evidence. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin Belfiore R (2014) Critical remarks on the proposal for a european investigation order and some considerations on the issue of mutual admissibility of evidence. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin
go back to reference Bellanova R, Glouftsios G (2022) Controlling the schengen information system (SIS II): the infrastructural politics of fragility and maintenance. Geopolitics 27(1):160–184CrossRef Bellanova R, Glouftsios G (2022) Controlling the schengen information system (SIS II): the infrastructural politics of fragility and maintenance. Geopolitics 27(1):160–184CrossRef
go back to reference Chalmers D, Davies G, Monti G (2010) European union law. Cambridge University Press, CambridgeCrossRef Chalmers D, Davies G, Monti G (2010) European union law. Cambridge University Press, CambridgeCrossRef
go back to reference Espina Ramos JA (2019) The European Investigation order and its relationship with other judicial cooperation instruments. EUCrim 1/2019 Espina Ramos JA (2019) The European Investigation order and its relationship with other judicial cooperation instruments. EUCrim 1/2019
go back to reference Guerra JE, Janssens M (2019) Legal and practical challenges in the application of the European investigation order: summary of the Eurojust meeting of 19–20 September 2018, EUCrim 1/2019 Guerra JE, Janssens M (2019) Legal and practical challenges in the application of the European investigation order: summary of the Eurojust meeting of 19–20 September 2018, EUCrim 1/2019
go back to reference Jurka R, Zajanckauskiene J (2016) Movement of evidence in the European union: challenges for the European investigation order. Baltic J Law Politics 9(2):56–84CrossRef Jurka R, Zajanckauskiene J (2016) Movement of evidence in the European union: challenges for the European investigation order. Baltic J Law Politics 9(2):56–84CrossRef
go back to reference Ruggeri S (2014) Introduction to the proposal of a European investigation order: due process concerns and open issues. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, BerlinCrossRef Ruggeri S (2014) Introduction to the proposal of a European investigation order: due process concerns and open issues. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, BerlinCrossRef
go back to reference Schunemann B (2014) The European investigation order: a rush into the wrong direction. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin Schunemann B (2014) The European investigation order: a rush into the wrong direction. In: Ruggeri S (ed) Transnational evidence and multicultural inquiries in Europe: developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Berlin
go back to reference Velicogna M (2014) The making of pan-European infrastructure: from the schengen information system to the European arrest warrant. In: The circulation of agency in e-justice. Springer, Berlin Velicogna M (2014) The making of pan-European infrastructure: from the schengen information system to the European arrest warrant. In: The circulation of agency in e-justice. Springer, Berlin
Metadata
Title
Legal Framework for Digital Evidence Following the Implementation of the EIO Directive: Status Quo, Challenges and Experiences in Member States
Authors
Melania Tudorica
Jeanne Mifsud Bonnici
Copyright Year
2023
DOI
https://doi.org/10.1007/978-3-031-31686-9_9