Proposed regulation on European Production and Preservation orders for electronic evidence in criminal matters: good try but could do better
The recent Commission’s proposal for a Regulation to introduce a European Production Order and a European Preservation Order for electronic evidence appears to be well intentioned, but maybe not well thought out.
The legal basis for the Regulation (Art 82(1) and (2) TFEU) appears stretched: Art 82 relates to cooperation between judicial and police authorities, but the proposal doesn’t include any cooperation, giving instead the right to the police or judicial authorities of one Member State (MS) to directly address a private entity in another MS. Furthermore, the proposal includes the execution of EPO and EPRO certificates which are issued by prosecutors, and therefore not necessarily judicial decisions.
The stated scope of the regulation is “the cross border acquisition and preservation of electronic evidence”, but it applies more broadly to the production and preservation of data, which might or not become evidence; furthermore, it speaks of “service providers”, but it applies also to companies and other entities, like regulated professions, which hold or process the data in question.
Other sticky points are judicial validation, which is requested only for transactional or content data, but not for subscriber and access data; no double criminality requirement; no criteria for the necessity and proportionality tests; no seriousness of crime limit for subscriber and access data; easily ignorable notification requirement to the person whose data are sought.
Of particular interest to lawyers is the fact that the proposed regulation doesn’t take into proper account the requirement of the equality of arms in criminal proceedings: there are no provisions to enable the defence to access or request electronic evidence.
The grounds for refusing to execute EPO and EPRO certificates are very restrictive, and the possibility that the requested data are protected by legal professional privilege if not contemplated.
The proposal doesn’t contain any detailed information on how the certificates would be issued and the requested data transmitted.
The Regulation has just started its legislative journey and it will probably fall to the next Parliament and Commission to bring it to fruition; it has certainly a long way to go before becoming a workable proposal.