Transborder Access to e-Evidence by Law Enforcement Agencies

21 Pages Posted: 19 Dec 2018

See all articles by Mark D. Cole

Mark D. Cole

University of Luxembourg, FDEF, Department of Law; University of Luxembourg, SnT

Teresa Quintel

European Centre on Privacy and Cybersecurity ; Universite du Luxembourg; Uppsala University

Date Written: May 11, 2018


As communication nowadays commonly takes place via electronic means, the use of electronic evidence (e-evidence) is becoming a crucial element in criminal investigations. Due to the borderless nature of the internet, many criminal investigations include a cross-border dimension and therefore, commonly require access to electronic data and evidence that are stored outside the territorial jurisdiction of the investigating authority.

Since data are typically held by private companies that are often located in a different country than the investigator, law enforcement authorities (LEAs) are either dependent on the willingness of these service providers to cooperate on a voluntary basis, or to resort to existing legal procedures for obtaining the data for investigations.

The relevant procedures under the current framework to access data stored outside the European Union is based on so-called Mutual Legal Assistance Treaties (MLATs), whereas judicial cooperation within the EU is, inter alia, governed by the Directive on the European Investigation Order in the form of the national transposition acts of the Member States.

Because e-evidence is, due to its volatile nature, prone to modification and deletion, the timely acquisition of stored data is vital for LEAs. Therefore, informal cooperation between LEAs and private companies is a common method to obtain e-evidence, thereby bypassing the lengthy and often ineffective Mutual Legal Assistance (MLA) mechanisms. Such direct cooperation between law enforcement and private companies, which is commonly carried out on a unilateral basis, has led to a fragmented framework for the acquisition of data.

Against this background, the European Commission, on 17 April 2018, proposed new rules on access to e-evidence, to secure and obtain preserved data faster and more effectively and to ensure that all providers that offer services in the EU are subject to the same obligations.

Similar developments regarding the adoption of comparable legislative acts and instruments regarding direct law enforcement access to data stored by private companies take place elsewhere in Europe and beyond: The Council of Europe is currently preparing a 2nd Additional Protocol to the Budapest Convention on enhanced international cooperation, whereas in the U.S., the Clarifying Lawful Overseas Use of Data Act on rules for cross-border law enforcement investigations was enacted in March 2018.

This contribution will address concerns regarding the role of private companies as ‘extended arm’ of LEAs and the measures that seek to cope with the legal uncertainty and fragmentation that emerged with the informal public-private relationships around the acquisition of e-evidence. The article suggests that the initiatives on different levels might result in even more conflicts of laws than is currently the case, if lacking a coordinated and coherent approach in Europe and internationally.

Moreover, the article discusses the impact of the abovementioned developments with regard to EU data protection standards. The compliance of the new rules on access to e-evidence with the EU data protection acquis, namely the GDPR and Directive (EU)2016/680, will be one of the relevant matters covered in this article.

Keywords: e-Evidence, U.S. CLOUD Act, Budapest Convention, Data Protection, GDPR, Directive (EU)2016/680

Suggested Citation

Cole, Mark D. and Quintel, Teresa, Transborder Access to e-Evidence by Law Enforcement Agencies (May 11, 2018). University of Luxembourg Law Working Paper No. 2018-010, Available at SSRN: or

Mark D. Cole (Contact Author)

University of Luxembourg, FDEF, Department of Law ( email )

4, Rue Alphonse Weicker
Campus Kirchberg, Weicker building
Luxembourg, L-2721

University of Luxembourg, SnT ( email )

JFK Building
29, Avenue J.F Kennedy
Luxembourg, L-1885

Teresa Quintel

European Centre on Privacy and Cybersecurity ( email )


Universite du Luxembourg ( email )

L-1511 Luxembourg

Uppsala University ( email )


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics