It has been a hectic few weeks in the world of e-evidence, at least at European level. As more and more evidence becomes electronic, and as it is often sought cross-border because service providers such as Facebook or Microsoft are headquartered in another country, the law and court decisions on e-evidence become more important.
I start with an important court judgment. Back in 2020, news broke that a secret communications system (EncroChat) used by criminals to trade drugs and guns had been successfully penetrated in a cross-European operation involving French and Dutch police, Europol and the UK National Crime Agency. There were up to 10,000 UK users of EncroChat, which was based in France and closed itself down shortly afterwards. There were 746 immediate arrests in the UK.
Given that the traditional UK position is that intercepts are not admissible as evidence, there were challenges to the EncroChat evidence being used against defendants in UK courts. That matter was resolved by the Court of Appeal in A, B, D & C v Regina in 2021. The court held that, because the evidence was not actually being transmitted at the time it was taken but instead was stored, the usual prohibition did not apply and the evidence could be used. There have been later cases, too, confirming the admissibility of EncroChat evidence.
Now the Court of Justice of the European Union has given a decision on the circumstances in which EncroChat evidence can be used cross-border in the EU, in Case C‑670/22 (Criminal proceedings against M.N. (EncroChat)).
Essentially, intercept evidence held by the executing state which holds the evidence (France in this case) can be passed to another member state which is the issuing authority of a European Investigation Order (Germany in this case) if the issuing authority’s national law allows it. Which national law is relevant in such cases – the law relating to gathering the evidence or to transmitting the evidence? The CJEU said that the national law of transmitting the evidence is the relevant test. Indeed, the German issuing authority is not authorised to review the lawfulness of how the evidence was gathered by France, because of mutual recognition of judgments and judicial decisions.
Among other things, the court also said:
- if a member state is infiltrating terminal devices to obtain intercept evidence in another member state, it is obliged to notify that member state – and the notified member state may then stop the intercept or disallow its usage in legal proceedings;
- national law is sovereign in determining the admissibility and assessment of information and evidence in a criminal trial, when it has been obtained in a manner contrary to EU law; and
- the rights of the defence and the fairness of the proceedings must be respected in this procedure. So if a court takes the view that a party is not in a position to comment effectively on an influential piece of evidence, the court must find an infringement of the right to a fair trial and disregard that evidence.
At the same time as the judgment was being considered and issued, the European Commission was (and is) busy working with member states on the implementation of the e-evidence regulation (Regulation (EU) 2023/1543 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings). This is of relevance to the UK because parts relate to the production and preservation of evidence also in third countries, such as the UK.
This new law, which will come into force in August 2026, has some novel features. It allows lawyers (and not only the courts and prosecution) to request the issue of orders for the production and preservation of e-evidence; and, despite being a regulation which applies immediately on implementation in all member states without their having to pass a law to implement it, it relies heavily on national law so will have different outcomes in different member states.
Regarding reliance on national law, the member states differ widely on how they handle e-evidence. In particular from a lawyer’s perspective, member states differ on how they treat lawyer-client confidentiality, which will be a key factor in implementation.
For instance, it is not clear whether all the member states’ laws and professional rules include the various kinds of data covered by the regulation within their scope of lawyer-client confidentiality, namely subscriber data, traffic data, content data – and metadata, too.
We do not need to bother ourselves here with the intricate details. But UK lawyers may become involved when a lawyer based here wants to assert privilege over client data in a production or preservation order issued from within the EU. Will our national rules on privilege apply?
As I said at the outset, we can expect this space to continue to produce novelties.
Jonathan Goldsmith is Law Society Council member for EU & International, chair of the Law Society’s Policy & Regulatory Affairs Committee and a member of its board. All views expressed are personal and are not made in his capacity as a Law Society Council member, nor on behalf of the Law Society
No comments yet