Criminal offenses with the most different modi operandi and levels of
complexity can generate digital evidence, whether or not the actual crime is
committed by using information and communication technology (ICT). The
digital data that could be used as evidence in a later criminal prosecution
is mostly in the hands of private companies who provide services on the
Internet. These companies often store their customers’ data on cloud servers
that are not necessarily located in the same jurisdiction as the company.
Law enforcement and prosecution authorities then need to take two steps that
are not exclusive for evidence of a digital nature. First, they need to
discover where the data is located—with which company and in which
jurisdiction. Second, they need to obtain the data. In considering digital
evidence, the last step, however, is complicated by new issues that form the
focus of this paper. The first concern is the practice by companies to
dynamically distribute data over globally spread data centers in the blink
of an eye. This is a practical concern as well as a legal concern. The
second issue is the slowness of the currently applicable international legal
framework that has not yet been updated to a fast-paced society where
increasingly more evidence is of a digital nature. The slowness of
traditional mutual legal assistance may be no news. The lack of a suitable
legal framework for competent authorities that need to obtain digital
evidence in a cross-border manner, nonetheless, creates a landscape of
diverse initiatives by individual states that try to remedy this situation.
A third issue is the position that companies are put in by the new EU
proposal to build a legal framework governing production orders for digital
evidence. With companies in the driver's seat of a cross-border evidence
gathering operation, guarantees of the traditional mutual legal assistance
framework seem to be dropped. A fourth issue is the position of data
protection safeguards. US based companies make for significant data
suppliers for criminal investigations conducted by EU based authorities.
Conflicting legal regimes affect the efficiency of data transfers as well as
the protection of personal data to citizens.