According to a report by the Electronic Frontier Foundation (EFF), the Parliamentary Assembly of the Council of Europe (PACE) reviewed a surveillance treaty, drafted by the Council of Europe’s (CoE) Cybercrime Convention Committee, during a September 2021 virtual hearing. The treaty, known as the Second Additional Protocol to the Budapest Convention on Cybercrime, would give law enforcement invasive access to user information while conducting criminal cross-border investigations.
EFF maintains this treaty does not contain all the necessary guidelines to preserve digital privacy and prevent unwarranted data collection. However, the authors of the treaty—prosecutors, law enforcement, and public safety officials—argue the text provides adequate safeguards for individuals, while considering the needs and goals of multiple law enforcement agencies across several states.
In August 2021, EFF along with European Digital Rights (EDR), the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC), and other advocacy groups submitted twenty comprehensive recommendations to PACE, urging the Assembly to amend the treaty before its approved by CoE. Article 14, for example, establishes insufficient privacy protections, which can be sidestepped if “countries have other arrangements in place.”
Another part of the treaty organizations pushed to change was Article 7, which grants law enforcement agencies unfettered access to internet companies’ subscriber data. This means any country that requires legal authorization to distribute internet companies’ subscriber information must amend their laws so that they may send once private information straight to foreign entities.
In January 2022, EFF reported that the treaty was approved by CoE on November 17, 2021, and while some of the recommendations made by EFF, EDR, CIPPIC, and other organizations were reflected in the Protocol’s final text, the vast majority were outright ignored. To date, sixty-six countries have adopted the treaty, which will be open for signatures in May 2022. As of February 2022, the Protocol has flown under the radar of the corporate news media.
Karen Gullo, “Cross Border Police Surveillance Treaty Must Have Clear, Enforceable Privacy Safeguards, Not a Patchwork of Weak Provisions,” Electronic Frontier Foundation, September 28, 2021.
Katitza Rodriguez and Karen Gullo, “EFF to Council of Europe: Flawed Cross Border Police Surveillance Treaty Needs Fixing—Here Are Our Recommendations to Strengthen Privacy and Data Protections Across the World,” Electronic Frontier Foundation, August 30, 2021.
Katitza Rodriguez and Karen Gullo, “Cross-Border Access to User Data by Law Enforcement: 2021 Year in Review,” Electronic Frontier Foundation, January 3, 2022.
Student Researcher: Jordan Lambert (SUNY Cortland)
Faculty Evaluator: Christina Knopf (SUNY Cortland)