Menu
Fundación para la Investigación sobre el Derecho y la Empresa





Legitimate Access to authorities to personal data stored overseas and the mechanisms of international cooperation.


Last 29th of March a session regarding this matter was held at FIDE, with the interventions of Kim Gazne, Senior Institutional Relations Director at Microsoft, Juan Montero Rodil, Competence, Regulations and Privacy Director at Telefónica, Elvira Tejada, cyber-crimes prosecutor, and Eloy Velasco, Magistrate of the High National Court.
The session was presented by Ricard Martínez, Chairman of APEP, and member of FIDE’s Academic Council.



Main objectives of this session:
  • Analyze the effectiveness of international judicial assistance treaties in the matter of personal data stored abroad.  
  • Consider the questions that are yet to be answered by international laws, judges and attorneys, not only in the fight against cyber-crimes, but in those cases where information technologies (IT) are involved as well.
  • Establish a balance between national sovereignty, the right to intimacy and its protection, national security and facilitating the authority’s investigations. 
  • Share the experiences and challenges that global tech-companies are exposed to, their organizational complexity, and their commitment to abide by the local legal framework wherever they operate.   
  • Learn the views of jurisdictional bodies, cyber-crime specialized attorneys, and the necessities they have to equip themselves with efficient judicial tools in order to achieve their goals, as well as the limitations of their judicial systems.
  • Contribute to the understanding of the impact judicial activity has on IT, the relevance and pertinence of judicial assistance treaties, and the social demand for transparence and respect of personal intimacy within legal limits.
Previous considerations.

To fully appreciate the true significance of the debate that took place during the session it is indispensable to know that the contributions come from two very distinguished judicial models.

From a national point of view, we part from a national jurisprudence that’s very precise in matters of communications secrets. From this point of view, various sentences of the European Court of Human Rights - see for instance “Valenzuela Contreras vs Spain”-,as well as the Constitutional Court have set up a normative framework characterized by strict judicial control in extreme cases such as those involving physical access to a smartphone. Moreover, the European Court of Justice has contributed to the specificity of the content on fundamental laws of data protection and communications secrets with regards to traffic data conservation in the case of Digital Rights Ireland.

Thus, to the national reader, it might seem strange that a local company refuses to share information with foreign authorities. To fully comprehend the debate at hand, it is necessary to be aware of the North American tradition to limit the State’s powers and reach. As it so happens, one of the strongest manifestations of such a tradition is for the right to ensure that all entries and registries, as well as intercepted communications honor scrupulously the Fourth Amendment and undergo the due process of law. To this we must add the existence of a diffuse constitutional control model, that, without diminishing our judges efforts to defend the Constitution, grants a particular significance to claims such as the one brought forward by Microsoft. 

Development of the interventions.

First Session: The Business Perspective

Kim Gagne- Senior Institutional Relations Director at Microsoft-, approached the debate’s main topic from a double view point. Sociologically speaking, north Americans are tumultuous not only by the increased terrorist activity that began with September-11, but also by the light shone on authorities’ actions regarding the interception of internet communications.

Legislation must evolve as times do. It is surprising that the traditional tutelage of letters is not transferred to electronic mail. Thus, if Microsoft commits to abide by its legal obligations, clients should expect the defense of their rights, particularly when hiring Cloud. In this cloud computing model, which not only involves data storage, but also the use of software resources, trust is crucial, and this forces the supplier to maintain a balance between security protocols, and the fight against terrorism that such protocols generate.
In practice, when faced with a request from the authorities, the company evaluates its provenance, and whether or not it falls within legal limits. Nonetheless, it has faced requests for access to customer data information of customers located in European territory. In this case, in conflict with another country’s sovereignty and a treaty on judicial assistance and cooperation, it is Microsoft’s belief that opting to utilize this resource is the way to go. This decision is backed by up to 28 other companies. 

To conclude, it’s pointed out that the task of guaranteeing their client’s fundamental rights will be carried out to every extent.  
  • In court of Law, including the US Supreme Court.
  • Before the United States Congress.
  • Before the European Parliament.
All this ensuring the law is scrupulously followed, and appealing for the improvement of cross-border cooperation.

Juan Montero Rodil, - Competence, Regulations and Privacy Director at Telefónica- also highlighted the scrupulous respect towards the right to intimacy, communication’s secrets and client’s personal data protection. It’s a matter of balancing these rights with the right to personal freedom. In this regard, the question is not considered a conflict, but rather a matter of double responsibility, with the client in one side, and the State in the other.
 In this regard, the Company:
● Does not question current regulations.
● Complies with the legal mandates and considers the existing judicial safeguards system to be adequate, cooperating loyally and efficiently with judicial authorities. 
On the other hand, he emphasized on the intervention not only within the frame of the October 18th, 25/2007 Law, regarding the conservation of data relative to electronic communications and to public communications networks, but also to the substantial evolution of procedural law with regards to communications. In some way, the precision achieved by technological investigation mechanisms, although with nuances, offers legal security.
In any case, the weight of third countries’ requests through mechanisms of judicial aid is very low. Furthermore, the proceeding characterized by a previous judicial evaluation offers a degree of security to the company.
The attending public raised the following questions:
  • The current situation as of the application of the October 18th, 25/2007 Law, regarding the conservation of data relative to electronic communications and to public communications networks.
  • Guarantees before U.S authorities’ petitions.
  • The importance of a fast response after an attack.
  • Respect towards due proceedings.
  • Establishing proportional conditions for the limitation of fundamental rights.
  • Extraterritorial reach of data-access requests.
  • The necessity to reach international consensus and to harmonize the legal framework.
Second session. Administration of Justice’ perspective.

Elvira Tejada, cyber-crimes prosecutor, elaborated a panoramic analysis of the current legislation. She particularly emphasized on the new additions introduced by the Organic Law 13/2005 on October 5th, amending the Criminal Procedure Act to strengthen procedural safeguards and regulation of technological research measures, highlighting the regulation on the conditions and guarantees required for access and inclusion to the processing of stored computer data.

The innovations seem particularly interesting when considering as obliged subjects “all providers of: telecommunications services, access to a communications network or information society services, as well as any other person that contributes in any way to facilitate communications whether by telephone, or any other mean or telematics communications systems.

Henceforth, it would no longer be limited to communications companies, but also to internet service providers, and even communications within a company.

Also exposed were the conditions and obligations to attend data requirements, from a formal point of view, duly required, as well as material including data communications traffic on the provisions of Law 25/2007.

Moreover, the importance of the Budapest Convention and some of its related aspects were highlighted:
● The so called preventive blockages.
● Direct computer records.
● Remote computer records accessible through a terminal set in Spain.
Experience recalls an instance in which the US Justice Department was saturated by the incoming access solicitations to stored data. In this respect, the fundamental character of international treaties and the need for adequate operating emergency mechanisms were considered. 

Eloy Velasco, Magistrate of the High National Court-, began his intervention addressing different cases, (Riley v. California and San Bernardino), and quoting a study carried out by the Pew Research Center, with the purpose of emphasizing the importance of mechanisms to unlock mobile devices. 
In the balance between freedom and security, in the case of businesses business freedom of the right to private property, even though they are fundamental rights, they do not lay on the same plane, and are limited by their social role. In our case, what’s being sought out is citizen protection, the protection of persons from violence. Security, was stated, comes prior to freedom.

From a Spanish point of view, in such cases the weighing of the goods in conflict is the judge’s responsibility, not the company’s.

The audience dedicated the second session’s debate time to intensely consider the role judges must play, the limitation of rights against state’s actions, and the conditions that should govern the matter of resolving conflicts between rights.
 
  




L M M J V S D
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      












Semblanzas Fide

Síguenos en redes sociales
Facebook
Twitter
LinkedIn
YouTube Channel
Rss