This post is also available in: עברית (Hebrew)
In response to the rise of terrorism across Europe, the European Commission (EC) is proposing new legislation to speed up the transfer of crucial data from companies such as Facebook and Google, even when it is stored in another EU member state – which is often a slow process. The EC is set to propose three options that will form the basis of a future legislative proposal.
EU Justice Commissioner Vera Jourova said: “I am sure that in the shadow of recent terrorist attacks and increasing threats in Europe, there will be more understanding among the ministers, even among those who come from countries where there has not been a terrorist attack”. EU justice ministers will meet in Brussels to discuss the EC’s proposals, which will then form the basis of a motion put forward early 2018.
Of the three EC proposals, the least intrusive option involves allowing law enforcement agencies in one member state to ask an IT provider in another member state to turn over electronic evidence, without having to ask that member state first. The second option would see the companies obliged to turn over data if requested by law enforcement agencies in other member countries. The most intrusive option, allowing law enforcement agencies direct access to information in the cloud, is being suggested for situations where authorities do not know the location of the server hosting the data or there is a risk of the data being lost.
“This third option is kind of an emergency possibility which will require some additional safeguards protecting the privacy of people,” Jourova told guardian.com. “You simply can’t massively collect some digital data for some future use. My preference is to go for this as an extraordinary measure for extraordinary threats” Jourova said. Currently, law enforcement agencies in Germany seeking data stored in Ireland, the location of many US tech firms’ European headquarters, have to rely on Irish authorities requesting the data from them.
It is a fine line between speeding law enforcement efforts in moments of crisis and eroding user data privacy, with critics saying that maintaining user trust in the cloud is critical, particularly where that data could be seized. Direct access to user data would raise many questions over privacy and safeguards.
Microsoft recently won a high-profile battle against the US Department of Justice’s request that it turn over emails stored on a server in Ireland in which the EC backed Microsoft saying that EU-held data should not be directly accessed by foreign authorities.