Abstract
Currently, the leading legal instrument for the exchange of digital evidence within the European Union (EU) is the European Investigation Order (EIO), which will be digitised within the eEDES system. The EIO Directive 2014/41/EU was implemented to create a simpler, unified European framework on the collection of evidence within the EU, backed by the appropriate procedural and fundamental rights standards. In spite of this, there is still a lot of fragmentation in the legal framework as regards digital evidence, especially considering that the EIO does not apply to all countries equally or to the collection of all types of evidences equally. For EU states that have opted out of the EIO Directive, such as Ireland and Denmark, traditional Mutual Legal Assistance (MLA) legal instruments need to be relied upon.
The fragmentation is a result of a scattered legal framework which consists of national, European and international laws and regulations, bilateral agreements and multilateral agreements which all play a role in regulating the gathering, analysis and exchange of digital evidence. Countries cooperate by way of MLA in cross-border criminal cases and exchange digital evidence based on these instruments. The choice of instrument depends on the countries involved and the type of information needed. With the EIO now being the leading legal instrument for exchanging evidence, the choice of legal instrument for requesting evidence seems to be clearer. However, uncertainty about this legal instrument and the fact that some Member States have opted out of the EIO Directive are still challenging the exchange of evidence and leading to Member States relying on traditional MLA legal instrument. These MLA legal instruments are slower as they can take a long time to be executed. This can be problematic considering the volatile nature of digital evidence, which can easily be moved, altered or even deleted.
This Chapter is devoted to understanding the current legal framework for the exchange of digital evidence, including data protection considerations, and the challenges that come with it in the post-EIO implementation era. The focus of this Chapter will be on the European situation as the EIO Directive will be the central legal instrument discussed in this chapter. This Chapter combines the results of the INSPECTr project and the Evidence 2 E-codex project and also uses experiences from the TREIO project (For the INSPECTr project see
https://inspectr-project.eu and INSPECTr Deliverable D2.1: Intelligence Network and Secure Platform for Evidence Correlation and Transfer, Deliverable D2.1, Initial Legislative compliance relating to law-enforcement powers and evidence requirements; For the EVIDENCE 2 E-codex project see:
https://evidence2e-codex.eu and Deliverables D2.1 and D2.2: EVIDENCE2E-CODEX Deliverable D2.1, Linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe—Report on implementation of EIO; EVIDENCE2E-CODEX Deliverable D2.2, Linking EVIDENCE into e-CODEX for EIO and MLA procedures in Europe—Report on EIO and MLA; For the TREIO project see
https://treio.eu, project ongoing.).