The European Data Protection Board (EDPB) on 4 November published a statement [*] on recommendations by a European High-Level Group that undermine the digital communications secrecy principle.

EDPB summarizes the statement as follows:

The statement on the recommendations of the HLG on access to data for effective law enforcement underlines that fundamental rights must be safeguarded when law enforcement agencies access the personal data of individuals. While the EDPB supports the aim of effective law enforcement, it points out that some of the HLG’s recommendations could cause serious intrusiveness vis-à-vis fundamental rights, in particular the respect for privacy and family life.

While the EDPB positively notes the recommendation may lead to the establishment of a level-playing field on data retention, it considers that a broad and general obligation to retain data in electronic form by all service providers would create a significant interference with the rights of individuals. Therefore, the EDPB questions whether this would meet the requirements of necessity and proportionality of the Charter of Fundamental Rights of the EU and the CJEU jurisprudence.

In its statement, the EDPB also emphasizes that the recommendations concerning encryption should not prevent its use or weaken the effectivity of the protection it provides. For example, the introduction of a client-side process allowing remote access to data before it is encrypted and sent on a communication channel, or after it is decrypted at the recipient, would in practice weaken encryption. Preserving the protection and effectivity of encryption is important to avoid that the respect for private life and confidentiality is negatively impacted and to ensure that the freedom of expression and economic growth, which depend on trustworthy technologies, are safeguarded.

More information:

• The announcement EDPB in the last part of this article.
• The statement is found through this page: Statement 5/2024 on the Recommendations of the High-Level Group on Access to Data for Effective Law Enforcement, statement (pdf).
• Netzpolitik: Going Dark:  Europäische Datenschutzbehörden warnen vor gefährlichen Entschlüsselungsplänen.

More on this website on Going Dark and on chatcontrol.

Addition 26 November 2024
Eucrim publications on encryption:
# New Report on Encryption by EU Innovation Hub, 9 August 2024;
# Law Enforcement Experts: Action against End-to-End Encryption Needed, 31 July 2024.

From the August 2024 article:

According to the report, a framework to access encrypted communications is steadily taking shape in the EU. Although the newly adopted e-evidence package s a step in the right direction, namely towards enhancing law enforcement access to electronic evidence, many questions remain concerning the admissibility of evidence gathered from encrypted communication channels and the challenges arising from various technologies. (…) The report draws the following conclusions: (…)
* A wider debate on the introduction/use of alternative means of bypassing encryption (e.g. client-side scanning) is necessary. (…)
* Interception technologies for user identification should be a legal requirement for the next generation of mobile networks (5G and 6G).

The report mentioned was produced by ‘The EU Innovation Hub voor Internal Security’, consisting of Europol, Eurojust, DG HOME, JRC, the European Council’s Counter-Terrorism Coordinator and eu-LISA.

Illustration on the Europol site, page 1: