Considerations on COM(2018)226 - Harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
dossier COM(2018)226 - Harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings.
document COM(2018)226 EN
date July 12, 2023
 
(1) Network-based services can in principle be provided from anywhere and do not require a physical infrastructure, corporate presence, or staff in the country where the services are offered, nor in the internal market itself. As a consequence, it can be difficult to apply and enforce obligations laid down in national and Union law which apply to the service providers concerned, in particular the obligation to comply with an order or a decision by a judicial authority. This is the case in particular in criminal law, where Member States’ authorities face difficulties with serving, ensuring compliance and enforcing their decisions, in particular where relevant services are provided from outside their territory.

(2) Against that background, Member States have taken a variety of disparate measures to more effectively apply and enforce their legislation. This includes measures for addressing service providers to obtain electronic evidence that is of relevance to criminal proceedings.

(3) To that end, some Member States have adopted, or are considering adopting, legislation imposing mandatory legal representation within their own territory, for a number of service providers offering services in that territory. Such requirements create obstacles to the free provision of services within the internal market.

(4) There is a significant risk that other Member States will try to overcome existing shortcomings related to gathering evidence in criminal proceedings by means of imposing disparate national obligations in the absence of a Union-wide approach. This is bound to create further obstacles to the free provision of services within the internal market.

(5) Under the current circumstances, the resulting legal uncertainty affects both service providers and national authorities. Disparate and possibly conflicting obligations are

16

OJ C

p.

set out for service providers established or offering services in different Member States, which also subject them to different sanction regimes in case of violations. This divergence in the framework of criminal proceedings will likely further expand because of the growing importance of communication and information society services in our daily lives and societies. The foregoing not only represents an obstacle to the proper functioning of the internal market but also entails problems for the establishment and correct functioning of the Union’s area of freedom, security and justice.

(6) To avoid such fragmentation and to ensure that undertakings active in the internal market are subject to the same or similar obligations, the Union has adopted a number of legal acts in related fields such as data protection17. To increase the level of protection for the data subjects, the rules of the General Data Protection Regulation18 provide for the designation of a legal representative in the Union by controllers or processors not established in the Union but offering goods or services to individuals in the Union or monitoring their behaviour if their behaviour takes place within the Union, unless the processing is occasional, does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing or if the controller is a public authority or body.

(7) By setting out harmonised rules on the legal representation of certain service providers in the Union for receipt of, compliance with and enforcement of decisions issued by competent authorities in the Member States for the purposes of gathering evidence in criminal proceedings, the existing obstacles to the free provision of services should be removed, as well as the future imposition of divergent national approaches in that regard should be prevented. Level playing field for service providers should be established. Moreover, more effective criminal law enforcement in the common area of freedom, security and justice should be facilitated.

(8) The legal representative at issue should serve as an addressee for domestic orders and decisions and for orders and decisions pursuant to Union legal instruments adopted within the scope of Title V, Chapter 4, of the Treaty on the Functioning of the European Union for gathering evidence in criminal matters. This includes both instruments that permit the direct serving of orders in cross-border situations on the service provider, and instruments based on judicial cooperation between judicial authorities under Title V, Chapter 4.

(9) Member States shall ensure that the obligation to designate a legal representative is immediate, that is from the date of transposition set out in Article 7 for service

18

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1); Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1).

7

providers that offer services in the Union at that date, or from the moment service providers start offering services in the Union for those service providers that will start offering services after the date of transposition.

(10) The obligation to designate a legal representative should apply to service providers that offer services in the Union, meaning in one or more Member States. Situations where a service provider is established on the territory of a Member State and offers services exclusively on the territory of that Member State, should not be covered by this Directive.

(11) Notwithstanding the designation of a legal representative, Member States should be able to continue addressing service providers established on their territory, be it in purely domestic situations, be it after receipt of a request for assistance under legal instruments on mutual legal assistance and on mutual recognition in criminal matters.

(12) The determination whether a service provider offers services in the Union requires an assessment whether the service provider enables legal or natural persons in the Union to use its services. However, the mere accessibility of an online interface (for instance the accessibility of the service provider’s or an intermediary’s website or of an email address and of other contact details) taken in isolation should not be a sufficient condition for the application of this Directive.

(13) A substantial connection to the Union should also be relevant to determine the ambit of application of this Directive. Such a substantial connection to the Union should be considered to exist where the service provider has an establishment in the Union. In the absence of such an establishment, the criterion of a substantial connection should be assessed on the basis of the existence of a significant number of users in one or more Member States, or the targeting of activities towards one or more Member States. The targeting of activities towards one or more Member States can be determined on the basis of all relevant circumstances, including factors such as the use of a language or a currency generally used in that Member State, or the possibility of ordering goods or services. The targeting of activities towards a Member State could also be derived from the availability of an application (‘app’) in the relevant national app store, from providing local advertising or advertising in the language used in that Member State, or from the handling of customer relations such as by providing customer service in the language generally used in that Member State. A substantial connection is also to be assumed where a service provider directs its activities towards one or more Member States as set out in Article 17(1)(c) of Regulation 1215/2012 on jurisdiction and the recognition and enforcement of judgements in civil and commercial matters. On the other hand, provision of the service in view of mere compliance with the prohibition to discriminate laid down in Regulation (EU) 2018/30219 cannot be, on that ground alone, be considered as directing or targeting activities towards a given territory within the Union. The same considerations should apply to determine whether a service provider offers services in a Member State.

(14) Service providers obliged to designate a legal representative should be able to choose to that effect an existing establishment in a Member State, be it a corporate body or a branch, agency, office or a main seat or headquarters, and also more than one legal

19

Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC (OJ L 601, 2.3.2018, p. 1).

representative. Nevertheless, a corporate group should not be forced to designate multiple representatives, one for each undertaking part of that group. Different instruments adopted within the scope of Title V, Chapter 4, of the Treaty on the Functioning of the European Union apply in the relationships between Member States when gathering evidence in criminal proceedings. As a consequence of this ‘variable geometry’ that exists in the common area of criminal law, there is a need to ensure that the Directive does not facilitate the creation of further disparities or obstacles to the provision of services in the internal market by allowing service providers offering services on their territory to designate legal representatives within Member States that do not take part in relevant legal instruments, which would fall short of addressing the problem. Therefore, at least one representative should be designated in a Member State that participates in the relevant Union legal instruments to avoid the risk of weakening the effectiveness of the designation provided for in this Directive and to make use of the synergies of having a legal representative for the receipt of, compliance with and enforcement of decisions and orders issued in the context of gathering evidence in criminal proceedings, including under the [Regulation] or the 2000 Mutual Legal Assistance Convention. In addition, designating a legal representative, which could also be utilised to ensure compliance with national legal obligations, makes use of the synergies of having a clear point of access to address the service providers for the purpose of gathering evidence in criminal matters.

(15) Service providers should be free to choose in which Member State they designate their legal representative, and Member States may not restrict this free choice, e.g. by imposing an obligation to designate the legal representative on their territory. However, the Directive also contains certain restrictions with regard to this free choice of service providers, notably that the legal representative should be established in a Member State where the service provider provides services or is established, as well as the obligation to designate a legal representative in one of the Member States participating in judicial cooperation instruments adopted under Title V of the Treaty.

(16) The service providers most relevant for gathering evidence in criminal proceedings are providers of electronic communications services and specific providers of information society services that facilitate interaction between users. Thus, both groups should be covered by this Directive. Providers of electronic communication services are defined in the proposal for a Directive establishing the European Electronic Communications Code. They include inter-personal communications such as voice-over-IP, instant messaging and e-mail services. The categories of information society services included here are those for which the storage of data is a defining component of the service provided to the user, and refer in particular to social networks to the extent they do not qualify as electronic communications services, online marketplaces facilitating transactions between their users (such as consumers or businesses)and other hosting services, including where the service is provided via cloud computing. Information society services for which the storage of data is not a defining component, and for which it is only of an ancillary nature, such as legal, architectural, engineering and accounting services provided online at distance, should be excluded from the scope of this Directive, even where they may fall within the definition of information society services as per Directive (EU) 2015/1535.

(17) Providers of internet infrastructure services related to the assignment of names and numbers, such as domain name registrars and registries and privacy and proxy service providers or regional internet registries for internet protocol (‘IP’) addresses, are of particular relevance when it comes to the identification of actors behind malicious or

compromised web sites. They hold data that is of particular relevance for criminal investigations as it can allow for the identification of an individual or entity behind a web site used in criminal activity, or the victim of criminal activity in the case of a compromised web site that has been hijacked by criminals.

(18) The legal representative should be able to comply with decisions and orders addressed to them by Member States’ authorities on behalf of the service provider, which should take the appropriate measures to ensure this result, including sufficient resources and powers. The absence of such measures or their shortcomings should not serve as grounds to justify non-compliance with decisions or orders falling into the ambit of application of by this Directive, neither for the service provider nor its legal representative.

(19) Service providers should notify the Member State in which the legal representative resides or is established of the identity and contact details of their legal representative, as well as related changes and updates of information. The notification should also provide information about the languages in which the legal representative can be addressed, which should include at least one of the official languages of the Member State where the legal representative resides or is established, but may include other official languages of the Union, such as the language of its headquarters. When the service provider designates more than one legal representative, it may also notify considerations to determine which one should be addressed. These considerations are not binding for Member States’ authorities, but should be followed except in duly justified cases. All this information, which is of particular relevance for Member States’ authorities, should be made publicly available by the service provider, for example on its website, in a manner comparable to the requirements for making available general information pursuant to Article 5 Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market20(e-Commerce Directive). For those service providers subject to the e-Commerce Directive, Article 3(3) complements but does not replace these requirements. Furthermore, Member States should also publish the relevant information for their country on a dedicated site of the e-Justice portal to facilitate coordination between Member States and use of the legal representative by authorities from another Member State.

(20) The infringement of the obligations to designate a legal representative and to notify and make publicly available the information related thereto should be subject to effective, proportionate and dissuasive sanctions. Under no circumstances should the sanctions determine a ban, permanent or temporary, of service provision. Member States should coordinate their enforcement action where a service provider offers services in several Member States. To ensure a coherent and proportionate approach, a coordination mechanism is provided. The Commission could facilitate such coordination if necessary, but needs to be informed of cases of infringement. This Directive does not govern the contractual arrangements for transfer or shifting of financial consequences between service providers and legal representatives of sanctions imposed upon them.

20

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ L 178, 17.7.2000, p. 1).

(21) This Directive is without prejudice to the investigative powers of authorities in civil or administrative proceedings, including where such proceedings can lead to sanctions.

(22) In order to ensure the application of the Directive in a consistent manner, additional mechanisms for the coordination between Member States should be put in place. For that purpose, Member States should designate a central authority that can provide central authorities in other Member States with information and assistance in the application of the Directive, in particular where enforcement actions under the Directive are considered. This coordination mechanism should ensure that relevant Member States are informed of the intent of a Member State to undertake an enforcement action. In addition, Member States should ensure that central authorities can provide each other with assistance in those circumstances, and cooperate with each other where relevant. Cooperation amongst central authorities in the case of an enforcement action may entail the coordination of an enforcement action between competent authorities in different Member States. For the coordination of an enforcement action, central authorities shall also involve the Commission where relevant. The existence of the coordination mechanism does not prejudice the right of an individual Member State to impose sanctions on service providers that fail to comply with their obligations under the Directive. The designation and publication of information about central authorities will facilitate the notification by service providers of the designation and contact details of its legal representative to the Member State where its legal representative resides or is established of the designation and contact details.

(23) Since the objective of this Directive, namely to remove obstacles to the free provision of services in the framework of gathering evidence in criminal proceedings, cannot be sufficiently achieved by the Member States, but can rather, by reason of the borderless nature of such services, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(24) The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council21 and delivered an opinion on (…)22,

(25) The Commission should carry out an evaluation of this Directive that should be based on the five criteria of efficiency, effectiveness, relevance, coherence and EU value added and should provide the basis for impact assessments of possible further measures. The evaluation should be completed 5 years after entry into application, to allow for the gathering of sufficient data on its practical implementation. Information should be collected regularly and in order to inform the evaluation of this Directive.

22

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1). OJ C , , p. .

21