Chapter 15 looks at the new set of investigative measures introduced by the reform of the Criminal Procedure Code in Spain, in 2015, which changed completely the approach to the investigation of cybercrime, transformed now into one of the most modern in Europe. The new regulation introduced the latest high-tech investigative tools, imposing a complete set of duties of cooperation on all internet service providers. However, the Spanish legislator failed to amend the domestic legal framework on electronic communications data retention, and so it is not compatible with the jurisprudence of the Court of Justice of the EU. This chapter describes the rules as developed and applied by the Spanish courts, before and after the amendments of the Criminal Procedure Code 2015, and several subsequent laws on digital data that, since then, have been adopted in reaction to the EU’s legal framework in the field.

Chapter 5 looks at dealing with digital or electronic evidence in criminal investigations and the complications that presents from a legal perspective. It focuses on the aspect of admissibility of digital evidence at the European level. It presents the main characteristics that make digital evidence so critical for the law of evidence, along with the digital forensics standards and guidelines that describe how to collect such data, developed by the most authoritative bodies at the international and European levels. Against this reconstruction, it highlights the scarce European statutory bases currently referring to the admissibility of evidence and, given their limits, moves to explore the jurisprudence of the European Court of Human Rights and the Court of Justice. On such grounds, it supports the need for the EU to equip itself with common admissibility criteria in general, and with specific admissibility rules concerning forensic evidence (including digital data) in particular.

Chapter 16 comparatively examines the national legislation in EU member states in order to reveal common patterns and differences in legal rules and their practical application with respect to gathering digital evidence for the purpose of criminal investigations. The study is essentially based on the information provided in the preceding book chapters, covering seven national legal systems selected for this research: Belgium, Estonia, Germany, Ireland, Luxembourg, Poland and Spain. The comparative analysis investigates not only the rules on access to digital evidence but also their broader legislative context. Indeed, before analysing how data can be obtained, it is important to understand the legal terminology and categorisations used in the different legal systems, as well as the national rules on data retention in light of the case law of the Court of Justice of the EU.

The Conclusion describes how, while the handbook started with the main technological and legal challenges regarding collection of digital evidence, the research shows that even though the challenges are shared by legal systems across the globe, the answers are not. Legal solutions to similar problems are fragmented, disparate and often unsatisfactory. Even if technology-neutral solutions are preferable to make sure hard-fought EU legislation and international agreements can stand the test of time, the legal reality appears to be quite different. Despite positive recent legal developments at EU and international levels, future approximation of national approaches seems highly desirable to enable LEAs to conduct effective criminal investigations to protect society and its citizens from new criminal phenomena. At the same time, protection of citizens’ fundamental rights should be reinforced, not just at the national level but in a cross-border context, considering that many criminal investigations now reach beyond national borders. Global initiatives are, however, hampered by tensions between democratic and non-democratic states, making a one-size-fits-all solution inadequate.

Chapter 9 analyses the extent to which lawmakers have taken the peculiarities of e-evidence into account and highlights flaws in the resulting legal regime. It addresses the Belgian preservation of general data retention and the possibility to use unlawfully retained and/or accessed data. Next, it delves into the wide spectrum of duties for (internet) service providers to cooperate in criminal proceedings. It discusses the broad interpretation of the territorial scope of the Yahoo! and Skype case law from Belgian courts and its codification in subsequent legislation, including how voluntary cooperation with law enforcement remains important in practice. It briefly examines the legal framework for cross-border cooperation, often perceived as ineffective and needlessly time-consuming. Lastly, it sheds light on the potential impact of the EU e-Evidence Regulation, concluding that, under domestic legislation, a coherent, completely fundamental-rights-proof legal framework is still lacking. It shows Belgium’s support for a pan-EU regime and better international cooperation, provided its law enforcement can maintain the possibility of direct cooperation in a sufficiently effective way.

Chapter 20 focuses on the UK legal landscape around the investigatory powers of UK law enforcement authorities (LEAs) and the duties of service providers to cooperate with them. The primary legislative framework from which LEAs derive their powers to obtain digital evidence is the Investigatory Powers Act 2016. The chapter examines the different categories of data that may be requested from communication services providers and the legal procedures governing such lawful access. It also looks at other legal sources available to LEAs, to provide a comprehensive framework for cooperation between service providers and LEAs in obtaining digital evidence. Last, the chapter explores the cooperation of UK LEAs with non-UK-based service providers, as well as that of UK-based service providers with foreign LEAs.

Chapter 21 provides an account of the governing legal framework with respect to the gathering of digital evidence by US law enforcement authorities (LEAs) and the rules that bind US service providers – an issue that, given the quantity of data of interest in the hands of US-based providers, increasingly matters to LEAs around the world. It describes the general statutory and constitutional scheme governing data collection in the United States, with a focus on the federal level. It then examines specific questions with respect to cross-border cooperation, particularly in light of the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which seeks to better facilitate cross-border access to data, in specified circumstances, and in accordance with baseline procedural and substantive protections. The chapter’s concluding thoughts point to both the need for more attention to cross-border access to data and some of the lacunae in US law.

Chapter 17 discusses China’s Criminal Procedure Law, which provides a general cooperation obligation for all relevant entities, including service providers. As collecting data from service providers has become increasingly important in criminal investigations, the past decade has witnessed a certain number of laws, regulations and explanatory documents adopted to specify service providers’ cooperation obligations. This chapter systematically studies these provisions and summarizes the rich content of service providers’ cooperation obligations relating to collection of historical and real-time data in criminal investigations as well as in their daily operation. It also discusses future improvements to the current legislations, namely more protection of sensitive data, due process in evidence collection and criminal liability for service providers when cooperation obligations cannot be fulfilled. Based on China’s position of respecting data sovereignty, China requires data to be stored locally. Foreign LEAs can obtain data from Chinese service providers only via mutual legal assistance, and service providers in China are prohibited from providing data directly to foreign LEAs.

Chapter 11 explores how German criminal procedure, in the same way as German substantive criminal law, builds on a main body of legislation that was drafted in the nineteenth century. While the German Code of Criminal Procedure has been amended numerous times – also with the intention to address digital transformation and the shift to an information society – the obtaining of digital evidence (in particular from service providers), its analysis and its transformation into evidence introduced in a criminal trial remain areas with many challenges, uncertainties of legal interpretation and need of legislative reform. This chapter aims to provide an overview of core themes of digital evidence in criminal justice and the cooperation of service providers in criminal matters in Germany – in particular those that seem of most relevance to an international audience.

Chapter 18 considers how, in general, Russian law does not provide a definition of digital (or electronic) evidence or any particular rules in that respect. However, various laws in the spheres of telecommunications, information technologies and personal data list specific categories of natural and legal persons, empowered to work with data in a digital form, including content data. Russian legal provisions are not always precise, and an important role in their interpretation belongs to both courts and executive bodies (e.g. the Roskomnadzor). Information dissemination managers and many other categories of personal data processors are obliged to use Russian information systems or databases to store data and cooperate with LEAs that are involved in criminal investigation and operative-search activities. Threats to data subjects’ rights especially increase during the latter, because it is almost impossible to find out that certain pieces of data have been transferred to LEAs. Other problems are grounded in the 24-hour access of specific bodies to certain information systems and the low efficiency of judicial orders as a mechanism of human rights protection.

Chapter 8 discusses the recent development within the Council of Europe – the Second Additional Protocol to the Cybercrime Convention – which provides the legal framework that legitimises unilateral cross-border access to digital evidence in criminal matters. While the Second Additional Protocol is innovative in terms of its law enforcement mechanisms vis-à-vis digital evidence, it is incomplete regarding its protective safeguards against the risks of abuse, as well as the extent to which it addresses rudimentary issues such as jurisdiction, data protection provisions, etc. This chapter pushes the idea that these non-negotiables should be addressed and the loose ends tied up.

Chapter 4 describes modern encryption technologies in not-too-technical terms, from the building blocks of encryption primitives to more advanced technologies, within the debate of potential lawful access to encrypted digital evidence. It demonstrates that, in our modern world, there is no single kind of encryption and that a nuanced understanding of the technology needs to be kept in mind. It also presents several advanced encryption technologies that present additional security capabilities (beyond message encryption). After arguing against the deliberate creation of ‘back-doors’, it presents recent preliminary proposals of technological solutions to this issue.

Chapter 14 discusses the Polish law on the basis of which electronic evidence is collected. These provisions are not always consistent with each other and do not contain a definition of electronic evidence. The chapter presents the problem of adapting the regulations of the Polish Telecommunications Act to the jurisprudence of the Court of Justice of the European Union in the field of legal requirements for collecting electronic evidence, and assesses the mechanism for controlling the acquisition of telecommunications data by the police. It looks at difficulties in providing electronic evidence to law enforcement authorities (LEAs) by very small service providers that do not possess appropriate organisational and financial resources, and the problem of limited remedies being available for persons whose data was collected by an LEA in violation of the law. It expresses doubt as to the manner of implementing the European Investigation Order in the Code of Criminal Procedure in Poland in terms of guaranteeing the defendant’s right to defence.

Chapter 19 provides an overview of Turkish law on the collection of digital evidence stored in and outside Turkey. It explains that while cybercrime offence definitions under Turkish law are generally in line with the Cybercrime Convention, Turkey has largely not transposed the criminal procedure and international cooperation sections of the Convention into its domestic law. It delves into the legal framework for collection of digital evidence in Turkey, including investigative measures, mandatory or voluntary cooperation of internet service providers, and administrative search and seizure methods. It analyses the judicial cooperation between Turkish LEAs and their foreign counterparts, and notes the challenges Turkish authorities face in obtaining e-evidence stored in foreign jurisdictions through mutual legal assistance requests. Noting efforts to overcome such challenges, in part through expanding the powers of the Information and Communication Technologies Authority, the chapter calls for a reform of Turkish criminal procedure and international cooperation law with the relevance of Turkey’s human rights obligations and e-evidence in mind.

Chapter 3 explores how EU data protection law relates to public–private direct cooperation on digital evidence in criminal investigations. It asks if a neat prima facie separation of the GDPR and the LED matches the realities of private-to-public data transfers for criminal investigations, and if that legal framework is harmonious enough to warrant description as an EU data protection acquis. It distinguishes scenarios of formal (and informal) direct cooperation, viewed through the conceptual prism of data controllership. It applies that frame to the European Commission’s 2018 ‘e-Evidence package’, along with co-legislators’ competing visions, before looking at the final 2023 compromise text from a data protection perspective. It discusses how far CJEU case law illuminates theoretical blind spots and if the ongoing strengthening of enforcement powers is likely to herald not only greater legal certainty on the supply of digital evidence but also meaningful, workable data subject rights. Last, it reflects on the future place of EU data protection standards within the Council of Europe’s own new direct cooperation mechanism – the Second Additional Protocol to the Budapest Convention.