Full GNI Submission 

In June 2016, the European Commission (“the Commission”) set out to explore ways to improve Member States’ law enforcement access to electronic evidence stored beyond the requesting authorities’ borders. To help guide the Commission toward a rights-respecting approach, in October 2017, GNI shared a non-exhaustive list of measures and commitments critical to the design and implementation of legal procedures for facilitating cross-border requests. On July 19, we continued our engagement with the Commission’s efforts via a public submission on the draft regulation and directive published by the Commission earlier this year.

The Commission’s Regulation would create new European Production/Preservation Orders (“EPOs”) enabling judicial authorities to issue orders directly to communications and cloud providers offering services in the EU that require them to preserve and/or produce stored content or non-content data. The Commission’s Directive would require service providers to designate a legal representative in an EU Member State to be responsible for the receipt, compliance, and enforcement of cross-border demands.  

GNI recognizes that these requests can help expedite legitimate law enforcement investigations involving cross-border data, but also believes it is important to highlight potential risks affecting users’ rights that may arise through the implementation of the proposal as it currently stands. The GNI Principles and Implementation Guidelines offer a framework for rights-respecting responses to government requests to share user data, and we feel that our experience working collaboratively across stakeholder groups to find ways to address such needs while respecting user rights gives us unique and valuable insight.

GNI’s submission calls on the Commission to ensure: (i) that issuing authorities have the responsibility to ensure that  EPOs are consistent with domestic law and the Charter of Fundamental Rights; (ii) that compliance with EPOs does not create liability for service providers; and (iii) that service providers have sufficient information and opportunity to assess and respond to EPOs consistent with relevant laws, their responsibility to respect human rights, and legitimate user expectations. We then outlined nine more specific steps the Commission can take to ensure these goals are met. 

Learn more about GNI’s work on the human rights risks of jurisdictional challenges here.