Unresolved jurisdictional issues in law enforcement access to data

Chapter 2 outlines normative challenges related to jurisdiction over data residing abroad. It illustrates how the law enforcement process involves different types of jurisdictional claim and highlights the challenges in bundling investigative measures with invasive enforcement measures. It also highlights that the traditional focus on territoriality does not meet the needs of law enforcement efforts in fighting cybercrime. Rather, basing claims of jurisdiction to enforce strictly on the location of data raises several questions in terms of the threshold of breaching sovereignty and the legality of accessing such data under international law. Further, the chapter looks at the inadequacies associated with single-factor jurisdictional tests and points to the need for multi-factor assessments. It discusses key actors being placed in a position where compliance with one state’s law necessitates violation of another’s. Last, it analyses international attempts to solve issues of transborder access to data, including the Council of Europe’s Second Additional Protocol to its Budapest Convention, the EU e-Evidence Regulation, the US CLOUD Act and the EU–US CLOUD Act agreement negotiations.