As the Octopus Conference “Cooperation against Cybercrime” kicks off today, we are also celebrating 20 years of the Council of Europe’s Convention on Cybercrime, known as the Budapest Convention. For two decades this treaty has been the primary instrument to tackle international cybercrime, with 78 states that are parties, signatories or have been invited to accede.
The Convention is a successful example of how law enforcement interests can be balanced with human rights, democracy, and the rule of law; three basic values which the Council of Europe protects and promotes. It has also improved coordination and cooperation between law enforcement agencies in like-minded countries.
As a company, we are strongly committed to safeguarding users’ privacy, security, and safety, and their fundamental rights, as outlined in our Trusted Cloud Principles. To honor this commitment, Microsoft has partnered with the Council of Europe’s Global Project on Cybercrime since 2006. In 2013, we expanded our work with an agreement to bolster our efforts in assisting countries’ implementation of the Budapest Convention. Since then, our engagement with the Council of Europe has evolved to include other areas related to the rule of law and human rights through the Partnership with Digital Companies program.
Following the adoption of the 2nd Additional Protocol on enhanced cooperation and disclosure of electronic evidence, it is worth reflecting on its origins.
The Budapest Convention was initially intended to harmonize cybercrime laws and address the limited number of cross-border investigations into and prosecution of online crime. More recently, the focus has shifted to address the challenges of gathering digital evidence, from basic subscriber information needed to identify suspects, to collecting online communication content increasingly hosted by global service providers that are subject to laws in multiple jurisdictions.
The 2nd Additional Protocol improves law enforcement efforts by clearing bureaucratic hurdles to cross-border data access requests and introduces a comprehensive set of instruments to facilitate judicial cooperation in criminal matters. Most importantly, it upholds procedural rights standards, as well as data protection and privacy safeguards. The new Protocol will also reduce conflicts of law and ensure that companies deliver on commitments to their customers. We see it as an important tool to help navigate the online environment of the future.
The U.S. and EU contribution to the negotiations of the Protocol is an important aspect when considering existing challenges to transatlantic data flows. While European institutions still need to reach an agreement on new European e-evidence access rules to continue negotiations on the transatlantic law enforcement agreement, the 2nd Protocol is an important step to advance the latter.
We believe a rapid adoption of the e-evidence proposal, a swift ratification of the 2nd Additional Protocol and a robust EU-U.S. law enforcement agreement will establish a lasting solution with respect to data access for law enforcement purposes through modern and principled bilateral and multilateral agreements.
The Budapest Convention clearly demonstrates that these efforts can be pursued in an environment where countries respect each other’s national sovereignty, as well as the fundamental rights and liberties of all citizens.