Law Enforcement Agencies Activities in the Cloud Environment - A European legal perspective
This paper, produced by the European Privacy Association and published on the International Journal “Information & Communications Technology Law”, deals with the complex relationship between Cloud Service Providers and government agencies responsible for the enforcement of the laws (Law Enforcement Agencies – ‘LEAs’).
The analysis focuses on the current and upcoming EU legal framework with the purpose of investigating whether the protection of EU citizens’ personal data from LEAs’ access is adequately guaranteed and assessing what are the main elements that have to be taken into account by Cloud Service Providers when dealing with LEAs’ requests.
The legal analysis is mainly based on the 2001 Council of Europe Cybercrime Convention (also known as Budapest Convention), which represents the key legal source on this matter because it specifically targets crime-related data, it has a broad scope, it was signed by a large number of parties, and it empowers signatory states to issue legislation that provides legal basis for LEAs’ requests.
The topic is extremely relevant in the view of the recent scandals (NSA/Datagate) and it seems to be very interesting for both cloud users and cloud providers in order to have a complete overview of the cloud scenario and to better understand the delicate balance between all these very relevant elements: LEAs’ requests, privacy, data protection regulations, confidentiality of information in the cloud and transparency.