© coe.int

The 24th plenary of the Cybercrime Convention Committee (T-CY), representing the Parties to the Budapest Convention, has approved the draft “2nd Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence”.

“Criminals have stepped up their activities, exploiting changes to the ways in which people live and work, at a moment of hardship and real vulnerability. The devices, victims and evidence of these crimes are often spread across multiple jurisdictions”, said Deputy Secretary General of the Council of Europe Bjorn Berge in his opening remarks. And: “This Protocol will facilitate more effective investigations and ensure that the rule of law reaches deeper into cyberspace than ever before.”

The Protocol will provide for innovative tools to obtain the disclosure of electronic evidence, including through direct cooperation with service providers in other Parties and more efficient ways of public-to-public cooperation. Two articles permit instant cooperation in emergency situations where lives are at risk. The draft Protocol also promotes joint investigations by Parties. These tools are accompanied by a set of safeguards to protect human rights and fundamental freedoms, including in particular a detailed article on the protection of personal data.

Experts from the currently 66 States that are Parties to the Budapest Convention from Africa, the Americas, Asia-Pacific and Europe participated in its preparation. More than 95 drafting sessions – many of them in virtual format following the onset of the COVID-19 pandemic – were necessary to resolve complex issues related to territoriality and jurisdiction, and to reconcile the effectiveness of investigations with strong safeguards.

“The process of negotiations was not an easy path. Matters related to information technology nowadays intersect with all aspects of our life and

with core interests of States, the private sector and individuals. Therefore, it is an outstanding achievement to have reached consensus on an instrument that is breaking new ground and foresees strong data protection standards”, underlined Cristina Schulman, Chair of the T-CY.

The draft Protocol takes into account submissions received from civil society organisations, data protection experts and industry in the course of six rounds of consultations. Further adjustments were made to the draft text following the last meeting with stakeholders on 6 May 2021.

“With this Protocol, the Budapest Convention will remain highly relevant and will continue to stand for a free and open internet, where restrictions are limited to cases of criminal misuse. Given current international divisions on all things cyber, we can be satisfied that we have reached consensus on solutions to difficult questions that can work in different legal systems”, added Alexander Seger, Executive Secretary of the T-CY.

Following T-CY approval of the draft Protocol on 28 May, it will now be considered by relevant Council of Europe bodies. Formal adoption is expected in November 2021 – on the occasion of the 20th anniversary of the Budapest Convention – and opening for signature in early 2022.