Cross-border data sharing for public safety

Event report

Cross-border data flows are a flipside of the architecture of the internet, which does not neatly conform to national borders. They are also a natural consequence of the decentralised provision of services in the digital economy, in which companies are located in foreign jurisdictions. In recent years, crime has also migrated online. These criminal activities leave behind a trace of digital evidence. As a consequence, crime investigators depend on access to data frequently located in other jurisdictions and held by private actors. 

The institutional networks of actors responsible for crime investigation have not evolved enough to match these rapid changes. Crime investigation is still largely a national activity, and there are no clear and easy mechanisms for processing data requests between government authorities and private companies. There are also barriers related to terminology and technical skills. For example, while policymakers mention cross-border data sharing for criminal investigation, criminal prosecutors refer to digital evidence, raising barriers to a common understanding. Moreover, law enforcement actors do not always clearly understand what kind of data is relevant, and how to access this data, especially in cases where the data is not stored on a piece of equipment, but in the cloud.

On the one hand, citizens and victims would benefit if authorities had access to relevant data that would enable them to conduct legitimate investigations and solve crimes. In present days, data is relevant not only for fighting cybercrime, but also for traditional crimes committed offline, such as murder and theft, which leave behind digital evidence as a by-product. On the other hand, access to data should happen in a way that protects privacy, otherwise it heightens the risk of state surveillance. Decisions on this issue should not be made by governments alone but should involve the broader society. 

The most modern instruments of cooperation, such as the protocols to the Budapest Convention, and the European e-Evidence regulation place individuals and privacy protection as an important goal. They represent a significant evolution compared to Mutual Legal Assistance Treaties (MLATs), mainly designed to protect sovereignty. MLTAs also do not sit well with situations in which all elements concerning the crime (e.g., nationality of the victim, of the perpetrator, etc) are related to one country, and the only foreign element is the fact that data is located elsewhere, in a jurisdiction that has no real nexus with the criminal act. 

Countries and regions are seeking to devise legal solutions to this problem, such as the US Cloud Act and the e-evidence regulation, proposed in the EU. Nevertheless, there are many countries without legal frameworks in place, which resort to data localisation in order to ensure that law enforcement actors can access data. Some countries are also putting in place laws with extraterritorial effects, which foster legal fragmentation. In devising legal solutions, interoperability is key. 

Cross-border sharing of data for public safety is a complex issue, which requires an understanding of some technical and legal concepts. Nevertheless, it is an issue of great public interest as it relates to fundamental social goals, such as fighting crime and preventing impunity, while, at the same time, protecting the rights of individuals, such as the rights to privacy and due process. Solutions to this issue must combine efficiency, due process, and the safeguarding of human rights. 

By Marilia Maciel

The session in keywords