Lawful access to data by law enforcement authorities - European Commission identifies future actions in a new ‘roadmap’

On Tuesday 24 June, the European Commission presented its ‘Roadmap for lawful and effective access to data for law enforcement’, namely to enable law enforcement authorities to legally access data needed for investigations or prosecutions.

“Terrorism, organised crime, online fraud, drug trafficking, child sexual abuse, sexual extortion, ransomware, and other offences all share a common feature: they leave digital traces. With 85% of criminal investigations now relying on electronic evidence, law enforcement authorities need better tools and a modernised legal framework to access digital data in a lawful manner while ensuring full respect of fundamental rights”, explains a Commission press release.

The ‘Roadmap’ focuses on six areas and identifies future actions.

First, on the retention of telephone and messaging data, an area for which a draft directive was invalidated by the EU Court of Justice in 2014, the Commission will relaunch an impact assessment this year, with a view to updating EU data retention rules “as appropriate”.

“Since the EU Data Retention Directive was invalidated in 2014, the EU legislative landscape on obliging service providers to store data has become fragmented and uneven. Member States’ data retention frameworks diverge on the types of electronic communications that service providers have to retain, the categories of data they cover, and the required retention periods. Moreover, some Member States do not have any data retention laws”, observes the Commission.

It points out that the High Level Group on Access to Data set up in early 2023 “recommended setting up a harmonised EU framework for data retention to ensure that the digital evidence required to investigate and prosecute crimes is available”.

On the issue of “decrypting” data, the Commission points out that it has appointed experts to work on a “technology roadmap” for 2026, to find technical solutions providing access to certain encrypted data while respecting legal frameworks and fundamental rights. “The Commission will also support the development of new decryption technologies to equip Europol with a next generation decryption capability (from 2030)”.

Legal interception of data. The Commission will study measures to improve cross-border cooperation by 2027. This will involve, for example, assessing the need to strengthen the European Investigation Order.

Digital forensics. Europol will be invited to become a centre of excellence for operational expertise. 

Finally, the ‘Roadmap’ focuses on standardisation and AI solutions for law enforcement.

Further information: https://aeur.eu/f/hiz (Original version in French by Solenn Paulic)