In news that would likely make Theresa May second guess her commitment to Brexit, the EU has announced that it was to speed up the processes that let police retrieve electronic evidence stored in other EU countries by US-based tech companies.
The timing of this is no coincidence, and in the wake of terrorist attacks taking place across Europe, the EU is hoping to speed up the data transfer process. At the moment this process is rather slow, even if the data police are trying to access is being held in another EU country.
This is being brought to the attention of the EU because of German law enforcement attempting to gain access to data stored in Irish servers. Ireland hosts the European Headquarters for a number of US tech companies, including Facebook and Microsoft, and the process is being delayed by the fact the police have to use the Irish government as an intermediary when requesting data access.
There are currently three proposals, which EU justice ministers are set to discuss later today. The results of that discussion will form the basis of legislation that would be put forward sometime in the first half of next year.
The first of the proposals involves allowing police to directly request electronic evidence from an IT company based in another EU state, without having to go to that country's government first. The second would make companies obligated to hand over electronic evidence to EU-based law enforcement. The third is a lot more intrusive, and would give police direct access to data in the cloud - for situations where police do not know the real-world location of data, or if there is a risk of data being lost.
EU Justice Commissioner Vera Jourova says that the third option is only an emergency option, with safeguards in place to protect peoples' privacy, saying:
"You simply cannot massively collect some digital data for some future use. My preference is to go for this as an extraordinary measure for extraordinary threats, for high gravity criminal offences such as terrorism and there I am in favour of enabling the use of personal data."
The type of data that law enforcement will be able to access in this way is also up for discussion, including location data, traffic data, and personal communications.
I'm all for making it easier for law enforcement to access data they need in their investigations, though direct access to user data feels like things could be taken too far. However should these proposals end up being enacted as legislation, however much the specifics might change in the meantime, it makes me wonder what this means about the court case where the US was trying to force Microsoft to hand over data stored on Irish servers.
The US argued that Microsoft, being a US-based company, had to comply with warrants issued by a US court. Microsoft said it would comply if authorities got a warrant from the country hosting the server - in this case Ireland. A court case found that Microsoft was right, a decision that was backed by the European Commission. Now it sounds as though the EC wants to give member states the right to do what the US was attempting. Though, presumably, since bureaucratic barriers would only be removed for EU members, there will be plenty of regulations all parties have to adhere to - rather than blanket access to whatever data they feel like claiming. [The Guardian]