The European Union is planning to give police authorities the power to gather evidence directly from technology companies during investigations, even if that data is stored in a non-European country.
The European Commission is preparing to present three proposals to EU ministers, according to a report by Reuters, setting out three different potential scenarios for the collection of data.
The first, and least intrusive option, would see law enforcement authorities in one member state be allowed to approach IT providers in another member state directly, without having to secure permission from that state first.
Under current rules, police agencies in France would need to secure cooperation from German authorities to root out evidence on their behalf, which is typically time consuming and inefficient.
The second scenario would place an obligation on IT companies to turn over any evidence requested by law enforcement agencies from other member states. Yet forcing tech companies to turn over data stored in different member states has faced legal challenges in the past.
Microsoft famously won a court victory against the US Department of Justice in July 2016, after it attempted to force the company to hand over email repositories stored in Ireland. Somewhat ironically, the Commission supported Microsoft's position in that case, arguing that foreign authorities shouldn't be able to directly access data unless they have secured traditional cooperation.
IT Pro has approached Microsoft for comment on these latest proposals, but had yet to receive a response at the time of publication.
The last, and most intrusive and widest reaching proposal, would grant police agencies the power to copy data directly from the cloud, useful for when it is unclear which country is holding onto the data.
Speaking to Reuters, EU Justice Commissioner Vera Jourova said: "I am sure that now in the shadow of recent terrorist attacks and increasing threats in Europe there will be more understanding among the ministers, even among those who come from countries where there has not been a terrorist attack."
"The third option is kind of an emergency possibility, which will require some additional safeguards protecting the privacy of people," she added. One of these safeguards, she suggested, could be a block on the mass collection of data for potential future investigations.
The exact scope of these proposals are due to be discussed on Thursday, according to the report, including precisely what data falls within the scope of the law.
