Chapter 10 looks at Estonia, which has one of the world’s most advanced digital societies. Correspondingly, its legal frameworks are adjusted to support the high level of digitalisation, including its criminal laws. However, the ongoing reform aims at making rules technology-neutral rather than establishing specialised regimes. Therefore, on the one hand, general rules of evidence apply to evidence in digital form, and the criminal procedure relies to a great extent on general and broad powers to meet the challenges of modern investigations. On the other hand, the cooperation duties of national service providers are highly specific and governed by the Electronic Communications Act. The chapter first provides an overview of Estonian criminal proceedings and digital evidence, before elaborating on the details of cooperation between law enforcement authorities and service providers, both domestic and foreign. Additionally, it considers aspects of protection of fundamental rights in this context.

Chapter 13 focuses on Luxembourg, which sits near the top of several regional and international indexes for ICT development, digital economy and society, and technological readiness, and hosts an impressive and growing number of data centres along with the regional or global headquarters of major internet and e-commerce players. The country’s small size, highly connected nature and financial strength translate into the active cooperation of service providers in criminal investigations in both domestic and cross-border situations. Drawing on interview-based research, this chapter provides an international audience with a targeted overview of the Luxembourg legal framework, the ways in which it has adapted to developments at the international and EU levels (Budapest Convention, European Investigation Order, Law Enforcement Directive) and the practical as well as legal challenges relating to the various forms of cooperation between service providers and law enforcement authorities. It offers a comprehensive, up-to-date picture of national data retention rules and discusses the potential impact of the new European Production Order on service providers in Luxembourg.

Chapter 2 outlines normative challenges related to jurisdiction over data residing abroad. It illustrates how the law enforcement process involves different types of jurisdictional claim and highlights the challenges in bundling investigative measures with invasive enforcement measures. It also highlights that the traditional focus on territoriality does not meet the needs of law enforcement efforts in fighting cybercrime. Rather, basing claims of jurisdiction to enforce strictly on the location of data raises several questions in terms of the threshold of breaching sovereignty and the legality of accessing such data under international law. Further, the chapter looks at the inadequacies associated with single-factor jurisdictional tests and points to the need for multi-factor assessments. It discusses key actors being placed in a position where compliance with one state’s law necessitates violation of another’s. Last, it analyses international attempts to solve issues of transborder access to data, including the Council of Europe’s Second Additional Protocol to its Budapest Convention, the EU e-Evidence Regulation, the US CLOUD Act and the EU–US CLOUD Act agreement negotiations.

Chapter 12 analyses Irish law on police access to digital evidence. It outlines the domestic legal framework regarding data retention, interception of communications and access to stored data. It then considers the law governing cross-border requests for data. It assesses the extent to which these rules are adequate for law enforcement purposes and whether these rules are compatible with the European Convention on Human Rights, the Charter of Fundamental Rights and data protection standards.

The Introduction sketches the main technological and legal challenges LEAs face in criminal investigations when seeking to collect electronic evidence in the digital era. It gives an overview of the relevant legal framework at EU, Council of Europe and international level, including recent developments such as the e-Evidence Regulation and the Second Additional Protocol to the Cybercrime Convention, and identifies some missing pieces of the puzzle. Next, the chapter explains the main research objectives of this handbook, before presenting its overall structure and introducing the subsequent chapters.

Chapter 6 looks at how, in democratic societies, the regimes of data collection for the purposes of national security and law enforcement have traditionally been strictly separated. Yet, in the last two decades, complex challenges such as organised crime and terrorism have blurred the border between them, raising concerns about the use of data collected by intelligence agencies as evidence in criminal investigations. The chapter examines issues related to exchange of information between national security and criminal justice domains. It discusses problems associated with the inherent imbalance in aims, functions and safeguards between the two regimes. While considering the exchange of data between intelligence agencies and law enforcement inevitable, the chapter argues that the differences between the regimes create a danger of using national security frameworks to circumvent strict safeguards established in criminal procedure law. It suggests that robust safeguards and measures for accountability and oversight must become an integral part of frameworks that enable and facilitate data flows from the national security domain to criminal investigations.

Chapter 1 provides a broader picture of electronic evidence and digitalisation. After an overview of the latest EU digital and security strategies and their basic principles, it analyses specific far-reaching legislative instruments based on new ideas of EU criminal law prevention, reaction and cooperation in the digital age. It then analyses the main right affected by the new approach and instruments – the right to privacy – from a historical perspective and a modern understanding through concepts developed initially by the case law of the US Supreme Court. It addresses the question of what legal boundaries are necessary in the digital age for such a right to still be an effective one. Last, the chapter looks at the aspects of digitalisation in the EU criminal law justice area that pose the most questions when comparing digital cross-border cooperation with classical cross-border cooperation based on mutual recognition. It considers judicial (court) authorisation and its meaning, oversight and extraterritorial application of legislation in that regard.

Chapter 5 looks at dealing with digital or electronic evidence in criminal investigations and the complications that presents from a legal perspective. It focuses on the aspect of admissibility of digital evidence at the European level. It presents the main characteristics that make digital evidence so critical for the law of evidence, along with the digital forensics standards and guidelines that describe how to collect such data, developed by the most authoritative bodies at the international and European levels. Against this reconstruction, it highlights the scarce European statutory bases currently referring to the admissibility of evidence and, given their limits, moves to explore the jurisprudence of the European Court of Human Rights and the Court of Justice. On such grounds, it supports the need for the EU to equip itself with common admissibility criteria in general, and with specific admissibility rules concerning forensic evidence (including digital data) in particular.

Chapter 16 comparatively examines the national legislation in EU member states in order to reveal common patterns and differences in legal rules and their practical application with respect to gathering digital evidence for the purpose of criminal investigations. The study is essentially based on the information provided in the preceding book chapters, covering seven national legal systems selected for this research: Belgium, Estonia, Germany, Ireland, Luxembourg, Poland and Spain. The comparative analysis investigates not only the rules on access to digital evidence but also their broader legislative context. Indeed, before analysing how data can be obtained, it is important to understand the legal terminology and categorisations used in the different legal systems, as well as the national rules on data retention in light of the case law of the Court of Justice of the EU.

The Conclusion describes how, while the handbook started with the main technological and legal challenges regarding collection of digital evidence, the research shows that even though the challenges are shared by legal systems across the globe, the answers are not. Legal solutions to similar problems are fragmented, disparate and often unsatisfactory. Even if technology-neutral solutions are preferable to make sure hard-fought EU legislation and international agreements can stand the test of time, the legal reality appears to be quite different. Despite positive recent legal developments at EU and international levels, future approximation of national approaches seems highly desirable to enable LEAs to conduct effective criminal investigations to protect society and its citizens from new criminal phenomena. At the same time, protection of citizens’ fundamental rights should be reinforced, not just at the national level but in a cross-border context, considering that many criminal investigations now reach beyond national borders. Global initiatives are, however, hampered by tensions between democratic and non-democratic states, making a one-size-fits-all solution inadequate.

Chapter 9 analyses the extent to which lawmakers have taken the peculiarities of e-evidence into account and highlights flaws in the resulting legal regime. It addresses the Belgian preservation of general data retention and the possibility to use unlawfully retained and/or accessed data. Next, it delves into the wide spectrum of duties for (internet) service providers to cooperate in criminal proceedings. It discusses the broad interpretation of the territorial scope of the Yahoo! and Skype case law from Belgian courts and its codification in subsequent legislation, including how voluntary cooperation with law enforcement remains important in practice. It briefly examines the legal framework for cross-border cooperation, often perceived as ineffective and needlessly time-consuming. Lastly, it sheds light on the potential impact of the EU e-Evidence Regulation, concluding that, under domestic legislation, a coherent, completely fundamental-rights-proof legal framework is still lacking. It shows Belgium’s support for a pan-EU regime and better international cooperation, provided its law enforcement can maintain the possibility of direct cooperation in a sufficiently effective way.

Chapter 20 focuses on the UK legal landscape around the investigatory powers of UK law enforcement authorities (LEAs) and the duties of service providers to cooperate with them. The primary legislative framework from which LEAs derive their powers to obtain digital evidence is the Investigatory Powers Act 2016. The chapter examines the different categories of data that may be requested from communication services providers and the legal procedures governing such lawful access. It also looks at other legal sources available to LEAs, to provide a comprehensive framework for cooperation between service providers and LEAs in obtaining digital evidence. Last, the chapter explores the cooperation of UK LEAs with non-UK-based service providers, as well as that of UK-based service providers with foreign LEAs.

Chapter 21 provides an account of the governing legal framework with respect to the gathering of digital evidence by US law enforcement authorities (LEAs) and the rules that bind US service providers – an issue that, given the quantity of data of interest in the hands of US-based providers, increasingly matters to LEAs around the world. It describes the general statutory and constitutional scheme governing data collection in the United States, with a focus on the federal level. It then examines specific questions with respect to cross-border cooperation, particularly in light of the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which seeks to better facilitate cross-border access to data, in specified circumstances, and in accordance with baseline procedural and substantive protections. The chapter’s concluding thoughts point to both the need for more attention to cross-border access to data and some of the lacunae in US law.

Chapter 11 explores how German criminal procedure, in the same way as German substantive criminal law, builds on a main body of legislation that was drafted in the nineteenth century. While the German Code of Criminal Procedure has been amended numerous times – also with the intention to address digital transformation and the shift to an information society – the obtaining of digital evidence (in particular from service providers), its analysis and its transformation into evidence introduced in a criminal trial remain areas with many challenges, uncertainties of legal interpretation and need of legislative reform. This chapter aims to provide an overview of core themes of digital evidence in criminal justice and the cooperation of service providers in criminal matters in Germany – in particular those that seem of most relevance to an international audience.

Chapter 8 discusses the recent development within the Council of Europe – the Second Additional Protocol to the Cybercrime Convention – which provides the legal framework that legitimises unilateral cross-border access to digital evidence in criminal matters. While the Second Additional Protocol is innovative in terms of its law enforcement mechanisms vis-à-vis digital evidence, it is incomplete regarding its protective safeguards against the risks of abuse, as well as the extent to which it addresses rudimentary issues such as jurisdiction, data protection provisions, etc. This chapter pushes the idea that these non-negotiables should be addressed and the loose ends tied up.

Chapter 14 discusses the Polish law on the basis of which electronic evidence is collected. These provisions are not always consistent with each other and do not contain a definition of electronic evidence. The chapter presents the problem of adapting the regulations of the Polish Telecommunications Act to the jurisprudence of the Court of Justice of the European Union in the field of legal requirements for collecting electronic evidence, and assesses the mechanism for controlling the acquisition of telecommunications data by the police. It looks at difficulties in providing electronic evidence to law enforcement authorities (LEAs) by very small service providers that do not possess appropriate organisational and financial resources, and the problem of limited remedies being available for persons whose data was collected by an LEA in violation of the law. It expresses doubt as to the manner of implementing the European Investigation Order in the Code of Criminal Procedure in Poland in terms of guaranteeing the defendant’s right to defence.

Chapter 19 provides an overview of Turkish law on the collection of digital evidence stored in and outside Turkey. It explains that while cybercrime offence definitions under Turkish law are generally in line with the Cybercrime Convention, Turkey has largely not transposed the criminal procedure and international cooperation sections of the Convention into its domestic law. It delves into the legal framework for collection of digital evidence in Turkey, including investigative measures, mandatory or voluntary cooperation of internet service providers, and administrative search and seizure methods. It analyses the judicial cooperation between Turkish LEAs and their foreign counterparts, and notes the challenges Turkish authorities face in obtaining e-evidence stored in foreign jurisdictions through mutual legal assistance requests. Noting efforts to overcome such challenges, in part through expanding the powers of the Information and Communication Technologies Authority, the chapter calls for a reform of Turkish criminal procedure and international cooperation law with the relevance of Turkey’s human rights obligations and e-evidence in mind.

Chapter 3 explores how EU data protection law relates to public–private direct cooperation on digital evidence in criminal investigations. It asks if a neat prima facie separation of the GDPR and the LED matches the realities of private-to-public data transfers for criminal investigations, and if that legal framework is harmonious enough to warrant description as an EU data protection acquis. It distinguishes scenarios of formal (and informal) direct cooperation, viewed through the conceptual prism of data controllership. It applies that frame to the European Commission’s 2018 ‘e-Evidence package’, along with co-legislators’ competing visions, before looking at the final 2023 compromise text from a data protection perspective. It discusses how far CJEU case law illuminates theoretical blind spots and if the ongoing strengthening of enforcement powers is likely to herald not only greater legal certainty on the supply of digital evidence but also meaningful, workable data subject rights. Last, it reflects on the future place of EU data protection standards within the Council of Europe’s own new direct cooperation mechanism – the Second Additional Protocol to the Budapest Convention.

Digital traces that people leave behind can be useful evidence in criminal courts. However, in many jurisdictions, the legal provisions setting the rules for the use of evidence in criminal courts were formulated long before these digital technologies existed, and there seems to be an increasing discrepancy between legal frameworks and actual practices. This chapter investigates this disconnect by analyzing the relevant legal frameworks in the EU for processing data in criminal courts, and comparing and contrasting these with actual court practices. The relevant legal frameworks are criminal and data protection law. Data protection law is mostly harmonized throughout the EU, but since criminal law is mostly national law, this chapter focuses on criminal law in the Netherlands. We conclude that existing legal frameworks do not appear to obstruct the collection of data for evidence, but that regulation on collection in criminal law and regulation on processing and analysis in data protection law are not integrated. We also characterize as remarkable the almost complete absence of regulation of automated data analysis – in contrast with the many rules for data collection.