The conclusion of an agreement between the EU and the United States on cross-border access to electronic evidence still seems a long way off. A report produced by the European Commission on the second round of negotiations, held in Washington on 6 November (see EUROPE 12348/17), identifies several difficulties and substantive issues that remain to be resolved.
The document, posted online on 24 November by Statewatch, states that this meeting allowed the EU and US delegations “to deepen their understanding of the respective provisions in the EU’s electronic evidence package and the US CLOUD Act and related legislation”.
The United States also presented the main elements of the bilateral agreement signed on 3 October under the CLOUD Act between the United Kingdom and the United States, which allows law enforcement authorities on both sides, in criminal investigations, direct access to electronic data stored by companies in the other country (see EUROPE 12344/7).
According to the document, the European Commission raised a series of legal questions and concerns about the agreement. It has reportedly already sent a letter on this subject to the British authorities last 5 November.
Much of the discussion focused on the need for strong data protection, says the Commission in its report. The Commission has thus stressed the need to have a legal basis for the processing of personal data by service providers, as required by the General Data Protection Regulation (GDPR).
The Commission also questioned the data protection safeguards applied in the United States. The United States, for its part, has expressed concern about the rule of law situation in a number of EU Member States, the document says.
The negotiators also discussed the categories of data that should be considered for the agreement, based on the existing definitions used in the EU, U.S. and the Council of Europe ‘Budapest’ Convention on Cybercrime. In this respect, the Commission stressed that it will be important that transactional data is treated in the same way as content data in terms of safeguards.
On types of offences that should be considered, the Commission presented a possible approach based on a threshold, accompanied by a list of offences which could ensure that offences such as the sharing of child sexual abuse images or some terrorist offences are included.
Again, however, no decision has been taken. The United States committed to examining how the list covered by the e-evidence Regulation would correlate with existing US law.
Once the substantive issues have been resolved, the negotiators will have to address the thorny issue of the form of the agreement (see EUROPE 12355/20). The Commission wants to negotiate a comprehensive agreement for the EU as a whole, while the United States is standing firm on its position of negotiating bilateral agreements with Member States.
Richard Downing, a member of the criminal division of the US Department of Justice, has recently been sceptical about the possibility of reaching a single agreement, valid for all European countries (see EUROPE 12374/18).
The next negotiating meeting is scheduled for 10 December in Washington, just before the meeting of the European and US ministers of justice. See the document: http://bit.ly/2OFH8WA (Original version in French by Marion Fontana)