Chapter 13 focuses on Luxembourg, which sits near the top of several regional and international indexes for ICT development, digital economy and society, and technological readiness, and hosts an impressive and growing number of data centres along with the regional or global headquarters of major internet and e-commerce players. The country’s small size, highly connected nature and financial strength translate into the active cooperation of service providers in criminal investigations in both domestic and cross-border situations. Drawing on interview-based research, this chapter provides an international audience with a targeted overview of the Luxembourg legal framework, the ways in which it has adapted to developments at the international and EU levels (Budapest Convention, European Investigation Order, Law Enforcement Directive) and the practical as well as legal challenges relating to the various forms of cooperation between service providers and law enforcement authorities. It offers a comprehensive, up-to-date picture of national data retention rules and discusses the potential impact of the new European Production Order on service providers in Luxembourg.

Chapter 2 outlines normative challenges related to jurisdiction over data residing abroad. It illustrates how the law enforcement process involves different types of jurisdictional claim and highlights the challenges in bundling investigative measures with invasive enforcement measures. It also highlights that the traditional focus on territoriality does not meet the needs of law enforcement efforts in fighting cybercrime. Rather, basing claims of jurisdiction to enforce strictly on the location of data raises several questions in terms of the threshold of breaching sovereignty and the legality of accessing such data under international law. Further, the chapter looks at the inadequacies associated with single-factor jurisdictional tests and points to the need for multi-factor assessments. It discusses key actors being placed in a position where compliance with one state’s law necessitates violation of another’s. Last, it analyses international attempts to solve issues of transborder access to data, including the Council of Europe’s Second Additional Protocol to its Budapest Convention, the EU e-Evidence Regulation, the US CLOUD Act and the EU–US CLOUD Act agreement negotiations.

Chapter 7 asks how it took more than five years for one of the most pressing legislative projects, seen as essential to enable law enforcement authorities all over the EU to effectively investigate crimes, to be resolved. The European Commission put forward the legislative package concerning e-evidence in criminal matters in 2018, but the legislative process was not concluded until June 2023. What can explain the divergences and delays that occurred, despite all parties having acknowledged the importance of the project? This chapter provides an overview of the difficulties that marked the negotiation process, as well as the solutions finally found, and serves as a very useful guide to e-evidence. It outlines the pre-history of e-evidence and the different stages of the negotiating process, before laying out the positions of the various actors on several issues that had to be negotiated. Finally, it focuses on the most contentious issue, namely the notification to be given, in some cases, by the issuing state to other states involved, permitting them to review the requests to service providers in order to ensure that human rights are protected and that no abuse occurs.

Chapter 12 analyses Irish law on police access to digital evidence. It outlines the domestic legal framework regarding data retention, interception of communications and access to stored data. It then considers the law governing cross-border requests for data. It assesses the extent to which these rules are adequate for law enforcement purposes and whether these rules are compatible with the European Convention on Human Rights, the Charter of Fundamental Rights and data protection standards.

The Introduction sketches the main technological and legal challenges LEAs face in criminal investigations when seeking to collect electronic evidence in the digital era. It gives an overview of the relevant legal framework at EU, Council of Europe and international level, including recent developments such as the e-Evidence Regulation and the Second Additional Protocol to the Cybercrime Convention, and identifies some missing pieces of the puzzle. Next, the chapter explains the main research objectives of this handbook, before presenting its overall structure and introducing the subsequent chapters.

Chapter 6 looks at how, in democratic societies, the regimes of data collection for the purposes of national security and law enforcement have traditionally been strictly separated. Yet, in the last two decades, complex challenges such as organised crime and terrorism have blurred the border between them, raising concerns about the use of data collected by intelligence agencies as evidence in criminal investigations. The chapter examines issues related to exchange of information between national security and criminal justice domains. It discusses problems associated with the inherent imbalance in aims, functions and safeguards between the two regimes. While considering the exchange of data between intelligence agencies and law enforcement inevitable, the chapter argues that the differences between the regimes create a danger of using national security frameworks to circumvent strict safeguards established in criminal procedure law. It suggests that robust safeguards and measures for accountability and oversight must become an integral part of frameworks that enable and facilitate data flows from the national security domain to criminal investigations.

Chapter 1 provides a broader picture of electronic evidence and digitalisation. After an overview of the latest EU digital and security strategies and their basic principles, it analyses specific far-reaching legislative instruments based on new ideas of EU criminal law prevention, reaction and cooperation in the digital age. It then analyses the main right affected by the new approach and instruments – the right to privacy – from a historical perspective and a modern understanding through concepts developed initially by the case law of the US Supreme Court. It addresses the question of what legal boundaries are necessary in the digital age for such a right to still be an effective one. Last, the chapter looks at the aspects of digitalisation in the EU criminal law justice area that pose the most questions when comparing digital cross-border cooperation with classical cross-border cooperation based on mutual recognition. It considers judicial (court) authorisation and its meaning, oversight and extraterritorial application of legislation in that regard.

Chapter 15 looks at the new set of investigative measures introduced by the reform of the Criminal Procedure Code in Spain, in 2015, which changed completely the approach to the investigation of cybercrime, transformed now into one of the most modern in Europe. The new regulation introduced the latest high-tech investigative tools, imposing a complete set of duties of cooperation on all internet service providers. However, the Spanish legislator failed to amend the domestic legal framework on electronic communications data retention, and so it is not compatible with the jurisprudence of the Court of Justice of the EU. This chapter describes the rules as developed and applied by the Spanish courts, before and after the amendments of the Criminal Procedure Code 2015, and several subsequent laws on digital data that, since then, have been adopted in reaction to the EU’s legal framework in the field.

Chapter 5 looks at dealing with digital or electronic evidence in criminal investigations and the complications that presents from a legal perspective. It focuses on the aspect of admissibility of digital evidence at the European level. It presents the main characteristics that make digital evidence so critical for the law of evidence, along with the digital forensics standards and guidelines that describe how to collect such data, developed by the most authoritative bodies at the international and European levels. Against this reconstruction, it highlights the scarce European statutory bases currently referring to the admissibility of evidence and, given their limits, moves to explore the jurisprudence of the European Court of Human Rights and the Court of Justice. On such grounds, it supports the need for the EU to equip itself with common admissibility criteria in general, and with specific admissibility rules concerning forensic evidence (including digital data) in particular.

Chapter 16 comparatively examines the national legislation in EU member states in order to reveal common patterns and differences in legal rules and their practical application with respect to gathering digital evidence for the purpose of criminal investigations. The study is essentially based on the information provided in the preceding book chapters, covering seven national legal systems selected for this research: Belgium, Estonia, Germany, Ireland, Luxembourg, Poland and Spain. The comparative analysis investigates not only the rules on access to digital evidence but also their broader legislative context. Indeed, before analysing how data can be obtained, it is important to understand the legal terminology and categorisations used in the different legal systems, as well as the national rules on data retention in light of the case law of the Court of Justice of the EU.

The Conclusion describes how, while the handbook started with the main technological and legal challenges regarding collection of digital evidence, the research shows that even though the challenges are shared by legal systems across the globe, the answers are not. Legal solutions to similar problems are fragmented, disparate and often unsatisfactory. Even if technology-neutral solutions are preferable to make sure hard-fought EU legislation and international agreements can stand the test of time, the legal reality appears to be quite different. Despite positive recent legal developments at EU and international levels, future approximation of national approaches seems highly desirable to enable LEAs to conduct effective criminal investigations to protect society and its citizens from new criminal phenomena. At the same time, protection of citizens’ fundamental rights should be reinforced, not just at the national level but in a cross-border context, considering that many criminal investigations now reach beyond national borders. Global initiatives are, however, hampered by tensions between democratic and non-democratic states, making a one-size-fits-all solution inadequate.

Chapter 9 analyses the extent to which lawmakers have taken the peculiarities of e-evidence into account and highlights flaws in the resulting legal regime. It addresses the Belgian preservation of general data retention and the possibility to use unlawfully retained and/or accessed data. Next, it delves into the wide spectrum of duties for (internet) service providers to cooperate in criminal proceedings. It discusses the broad interpretation of the territorial scope of the Yahoo! and Skype case law from Belgian courts and its codification in subsequent legislation, including how voluntary cooperation with law enforcement remains important in practice. It briefly examines the legal framework for cross-border cooperation, often perceived as ineffective and needlessly time-consuming. Lastly, it sheds light on the potential impact of the EU e-Evidence Regulation, concluding that, under domestic legislation, a coherent, completely fundamental-rights-proof legal framework is still lacking. It shows Belgium’s support for a pan-EU regime and better international cooperation, provided its law enforcement can maintain the possibility of direct cooperation in a sufficiently effective way.

Chapter 20 focuses on the UK legal landscape around the investigatory powers of UK law enforcement authorities (LEAs) and the duties of service providers to cooperate with them. The primary legislative framework from which LEAs derive their powers to obtain digital evidence is the Investigatory Powers Act 2016. The chapter examines the different categories of data that may be requested from communication services providers and the legal procedures governing such lawful access. It also looks at other legal sources available to LEAs, to provide a comprehensive framework for cooperation between service providers and LEAs in obtaining digital evidence. Last, the chapter explores the cooperation of UK LEAs with non-UK-based service providers, as well as that of UK-based service providers with foreign LEAs.

Chapter 21 provides an account of the governing legal framework with respect to the gathering of digital evidence by US law enforcement authorities (LEAs) and the rules that bind US service providers – an issue that, given the quantity of data of interest in the hands of US-based providers, increasingly matters to LEAs around the world. It describes the general statutory and constitutional scheme governing data collection in the United States, with a focus on the federal level. It then examines specific questions with respect to cross-border cooperation, particularly in light of the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which seeks to better facilitate cross-border access to data, in specified circumstances, and in accordance with baseline procedural and substantive protections. The chapter’s concluding thoughts point to both the need for more attention to cross-border access to data and some of the lacunae in US law.

Chapter 17 discusses China’s Criminal Procedure Law, which provides a general cooperation obligation for all relevant entities, including service providers. As collecting data from service providers has become increasingly important in criminal investigations, the past decade has witnessed a certain number of laws, regulations and explanatory documents adopted to specify service providers’ cooperation obligations. This chapter systematically studies these provisions and summarizes the rich content of service providers’ cooperation obligations relating to collection of historical and real-time data in criminal investigations as well as in their daily operation. It also discusses future improvements to the current legislations, namely more protection of sensitive data, due process in evidence collection and criminal liability for service providers when cooperation obligations cannot be fulfilled. Based on China’s position of respecting data sovereignty, China requires data to be stored locally. Foreign LEAs can obtain data from Chinese service providers only via mutual legal assistance, and service providers in China are prohibited from providing data directly to foreign LEAs.