In the wake of attacks across Europe, the European Commission (EC) is proposing new legislation to speed up the transfer of crucial data from companies such as Facebook and Google, even when it is stored in another EU member state – which is often a slow process.
The EC is set to propose three options that will form the basis of a future legislative proposal.
In light of recent data protection discussions as well – as legislation including the Umbrella Agreement, introduced at the tail end of 2016 – this represents an interesting stance by the European Commission.
EU justice ministers are to meet in Brussels on Thursday to discuss the EC’s proposals, which will then form the basis of a motion put forward by the EU executive by early 2018.
Of the three EC proposals, the least intrusive option involves allowing law enforcement agencies in one member state to ask an IT provider in another member state to turn over electronic evidence, without having to ask that member state first, the Guardian reports.
The second option would see the companies obliged to turn over data if requested by law enforcement agencies in other member countries.
The most intrusive option, allowing law enforcement agencies direct access to information in the cloud, is being suggested for situations where authorities do not know the location of the server hosting the data or there is a risk of the data being lost.
“This third option is kind of an emergency possibility which will require some additional safeguards protecting the privacy of people,” Jourova said. “You simply cannot massively collect some digital data for some future use.”
“My preference is to go for this as an extraordinary measure for extraordinary threats, for high gravity criminal offences such as terrorism and there I am in favour of enabling the use of personal data,” Jourova said, adding that no decision has yet been taken.
The types of data that could fall within the scope of the law will be discussed on Thursday, from location or traffic data to personal communications, as well as safeguards such as requiring that law enforcement requests are necessary and proportionate.
Currently law enforcement agencies in Germany seeking data stored in Ireland – the location of many US tech firms’ European headquarters, including Facebook’s – would have to rely on Irish authorities requesting the data from them, which is a slow and cumbersome process.
Whatever your political outlook, there can be no denying there is a fine balance here and a response that you could argue is a misdirection of effort. Is speeding up law enforcement procedures a good enough mandate to erode user data privacy? And will this kind of legislation reduce user confidence in the cloud?
Direct governmental access to cloud data also has its own risks, with a number of departmental bodies suffering the embarrassment of serious security breaches in the last 12 months.