Law Enforcement Access to Data in the Clouds: Is the EU data protection legal framework up to the task?

Abstract

Cloud computing is taking place against the background of, and further contributes to, the legal complexity of the internet. This situation must be addressed not only in order to reap all cloud computing’s potential benefits, but also because the cloud has become both a source and a target for crime, specifically cybercrime. Consequently, the use of cloud computing draws the attention of law enforcement agencies (LEAs) while affecting rights recognized by the European Charter of Fundamental Rights, such as privacy and data protection. The purpose of this chapter is to analyse the impact on data protection of LEAs’ access to, and use of, data stored in cloud computing services, with a particular focus on the European Union legal framework, and to raise questions on the adequacy of the framework itself. This requires examining the interplay between data protection and cloud computing not only after, but also before the inception of an investigation. The analysis shows that the shortcomings of the data protection legal framework highlighted by cloud computing are a radicalization of existing problems concerning data protection and LEAs. Yet, to provide adequate protection for individuals, various aspects of current data protection laws need to be updated.