37C3 - Dissecting EU electronic evidence

Guido Kettner

"Discover the intricacies of the EU's electronic evidence regulation, examining its provisions, limitations, and potential drawbacks in facilitating digital data exchange between member states."

Key takeaways
  • The regulation aims to facilitate the exchange of electronic evidence between EU member states, but has some issues with complexity and effectiveness.
  • Service providers must respond to requests within 8 hours, and have 60 days to produce the requested data.
  • The regulation applies only to substantial crimes, defined as those carrying a minimum custodial sentence of at least 3 years.
  • The service provider can raise an objection, but the requesting authority can also object if the provider does not release the data.
  • There is no harmonization of criminal law across EU member states, which can lead to conflicts and difficulties in implementing the regulation.
  • The regulation does not require the service provider to have a contract with the user or to have a presence in the country where the user is located.
  • There is no clear guidance on how to handle requests for data from users who are not located in the same country as the service provider.
  • The regulation does not provide for cost reimbursement for service providers that produce the requested data.
  • The implementation of the regulation will be challenging for small and not-for-profit organizations.
  • There are concerns about the effectiveness of protections for individuals and the potential for abuse by law enforcement.
  • The regulation applies only to electronic evidence, and does not cover other forms of evidence.
  • Service providers are expected to have procedures in place for handling requests for data and producing the requested data.
  • The regulation does not provide for an appeal process for service providers who object to producing the requested data.
  • There are provisions for enforcement and penalties for service providers that fail to comply with the regulation.
  • The regulation is intended to facilitate the exchange of electronic evidence between EU member states, but has some issues with complexity and effectiveness.