European publication order

from Wikipedia, the free encyclopedia

The European Publication Order (E-Evidence Regulation) is a collection of proposals by the EU Commission on access by law enforcement authorities to digital data in other countries in the form of a draft directive and a draft regulation.

The regulation was pushed forward quickly by the representatives of the EU states, but it is criticized because it would allow private individuals from abroad, among other things, to force the release of user data from EU countries by telecommunications providers, cloud services and social networks themselves if the alleged criminal offenses are not at all criminal in the EU country of the users concerned. The German federal and state data protection officers see the basic rights of users and providers being undermined.

target

Police and judicial authorities should receive the required digital data ("e-Evidence") directly from service providers in any country, including outside the European Union, within 360 minutes (in urgent cases) or within ten days.

Historical classification

The proposals for access to "e-Evidence" are a reaction to the US Clarifying Lawful Overseas Use of Data Act ( CLOUD Act ) of March 23, 2018. This authorizes US authorities to access data from US providers, also on data outside the USA.

The suggestions on “e-Evidence” go beyond that. Not only do companies in the EU have to release data - regardless of where it is stored. Non-European companies should also comply with the EU obligation if they offer services in the EU. To this end, providers of communication services such as chat programs or e-mails should appoint a legal representative in the EU.

Data volume

Providers should generally issue four types of data:

  • Subscriber data - identity and address data of customers, which services have been booked and how they are paid, i.e. inventory data.
  • Access data - metadata for the specific use of a service: date and time, IP address, user ID
  • Transactional data - metadata on the type of use of services: sender and recipient of e-mails, geolocation of end devices, protocols used.
  • Content data - stored content data, i.e. text, image, sound or video.

This includes all user-related data stored by the provider except real-time communication data. Monitoring of ongoing use is not provided.

Legal instruments

The draft regulation defines two instruments. Each instrument represents a direct obligation of a provider abroad without addressing the authorities of the country concerned - by means of a legal assistance request or by means of the European Investigation Order (EIO).

  • European Production Order (EPO): An EPO obliges service providers to provide data requested by authorities within 10 days. The deadline is reduced to 360 minutes for urgent cases due to an imminent danger to life and limb or critical infrastructures. The demand for subscriber data and access data applies to every criminal offense, for the other data only in the case of serious offenses with a range of penalties from three years.
  • European Preservation Order (EPrO): The EPrO is intended to prevent the deletion or overwriting of existing data in order to later enable requests for legal assistance, EIO or EPO.
  • Authorities of the member state in which the provider is based must support authorities of the requesting state in enforcing the requests.

criticism

  • of the Federal Bar Association: The BRAK considered the proposal for a regulation on European surrender orders and preservation orders for electronic evidence in criminal matters in a statement from September 2018 to be hasty, as the regulations to which the draft refers have not yet been adopted. Therefore, the practical effects of the directive on the European Investigation Order would have to be awaited in order to avoid the resulting weaknesses in a regulation for surrender and preservation orders. In addition, there is no substantive legal examination in the executing state - regarding the necessity, proportionality or abuse of the measure. In the executing state, those affected would be left defenseless in an area that is very relevant to fundamental rights.
  • Affected companies and associations complain about the assumption of responsibility, in addition to the effort involved: Providers must check whether the order violates fundamental rights - as explained in Art. 9 Paragraph 5 of the draft ordinance. There are no exceptions for small businesses.
  • Civil rights activists warn against the state's self-disempowerment in favor of digital platforms, as the proposal continues to outsource the protection of fundamental rights to private companies. These are promoted step by step by taking police or judicial measures to auxiliary police officers, auxiliary prosecutors and auxiliary judges:
    • The ECJ forces search engine providers with the right to be forgotten to weigh the public's interests in information against privacy protection.
    • With the Network Enforcement Act, companies should check content for illegality and delete it if necessary.
    • The e-Evidence Regulation forces online providers to expertly assess the legality of police access to digital data by foreign countries.

Web link

Individual evidence

  1. a b Muzayen Al-Youssef: "Austrians could be sued for illegal streams" Der Standard from June 24, 2019.
  2. "EU states are demanding high fines for online services" golem.de of December 3, 2018.
  3. "Federal Ministry of Justice warns companies of legal risks with US data access" Handelsblatt dated May 17, 2019.
  4. Opinion No. 28/2018 E-Evidence. (PDF) Federal Bar Association, accessed on June 24, 2019 .
  5. Resolution of the conference of the independent data protection supervisory authorities of the federal and state governments - Münster, November 7, 2018. (PDF) Conference of the independent data protection supervisory authorities of the federal and state governments, accessed on December 2, 2018 .
  6. e-Evidence: Outsourcing of fundamental rights protection. Martin Schallbruch, accessed December 2, 2018 .