Top of page

Article European Union: Court of Justice Clarifies Evidentiary Use of Foreign Encrypted Data

On April 30, 2024, the Court of Justice of the European Union (CJEU) ruled that public prosecutors can request encrypted data from abroad and use it as evidence in cross-border criminal cases. The Regional Court of Berlin had requested a preliminary ruling from the CJEU on the lawfulness of collecting and using data from an encrypted telecommunications service called “EncroChat” received from another member state in the context of cybercrime investigations.

Facts of the Case

In investigations by French authorities concerning illegal drug trafficking in a cross-border case, it appeared that the accused individuals were using encrypted mobile phones that used EncroChat, a service used worldwide in illegal drug trafficking. A joint investigation team, including experts from the Netherlands and French police, infiltrated the chat using a Trojan software that was uploaded to the servers used for the chats. This software was then installed on phones using EncroChat. The investigation team was able to decrypt the data and transmit the communications, which led to several arrests. (Decision, paras. 19, 20.)

During a conference between representatives of different EU member states, representatives of France and the Netherlands provided other EU member states with information about the collected data. The German public prosecutor’s office requested a European Investigation Order (EIO) from the French authorities to use the encrypted communications in ongoing drug trafficking investigations. (Id. paras. 21, 26.) An EIO is an order issued or validated by a judicial authority of one EU country to have investigation measures taken in another EU country to gather evidence, or to obtain evidence already in the possession of another EU country. (Directive 2014/41/EU, art. 1, para. 1.)

The transmission and use of the EncroChat data was authorized by a French criminal court. Subsequently, in 2020, the German Federal Criminal Police Office (Bundeskriminalamt, BKA) and German public prosecutors received the data of EncroChat users from the French authorities. The data was shared via servers of Europol, the EU’s Agency for Law Enforcement Cooperation. (Decision, paras. 24-27.)

After receiving the data, the BKA was able to initiate more than 2,250 investigations and arrested more than 750 individuals who had used EncroChat. One of those cases, involving the trafficking of narcotics, was brought before the Regional Court of Berlin (Landgericht Berlin).

Referral to the CJEU

In an earlier case from April 2022, the German Federal Court of Justice (Bundesgerichtshof, BGH), Germany’s supreme court for civil and criminal cases, had ruled that the use of EncroChat data provided by French authorities as evidence was permitted. (BGH decision, para. 25.)

However, the Regional Court of Berlin did not agree with the decision of the Federal Court of Justice. In its opinion, only a court, and not a public prosecutor, could issue an EIO, and therefore the data could not be used as evidence. The Regional Court of Berlin submitted a request for a preliminary ruling to the CJEU to clarify whether the German investigation authorities had violated EU law in obtaining EncroChat data, and if so, how this violation affected the admissibility of the EncroChat data in criminal proceedings. (CJEU decision, para. 29.) According to Article 267 of the Treaty of the Functioning of the European Union (TFEU), a national court of a member state can request the CJEU to interpret EU law to ensure its uniform application.

The Decision

The CJEU held that an EIO for the transmission of evidence already in the possession of the competent authorities need not be issued by a judge if, under the law of the issuing state, the public prosecutor in a domestic case would be competent to order the transmission of that evidence. (Id. para. 77.)

The court stated that article 1 of the Directive 2014/41/EU does not determine the nature of the authority that is authorized to issue an EIO. (Id. para. 70.) The CJEU opined that the term “judicial authority” includes public prosecutors if they have “competence in the case concerned.” (Id. para. 73.) It ruled that a public prosecutor has such competence with respect to an EIO if, under the domestic law of the issuing state, the public prosecutor has the competence to order investigative measures for the transmission of evidence. (Id. para. 74.)

The CJEU further clarified that notice of surveillance of a communication service such as EncroChat must be given to the member state on whose territory the person under surveillance is located. (Id. para. 119.) This means that if German security authorities monitor a person in France via EncroChat, they must inform the French authorities.

Prepared by Eva Dauke, Law Library Intern, under the supervision of Jenny Gesley, Foreign Law Specialist

Law Library of Congress, May 30, 2024

About this Item

Title

  • European Union: Court of Justice Clarifies Evidentiary Use of Foreign Encrypted Data

Online Format

  • web page

Rights & Access

Publications of the Library of Congress are works of the United States Government as defined in the United States Code 17 U.S.C. §105 and therefore are not subject to copyright and are free to use and reuse.  The Library of Congress has no objection to the international use and reuse of Library U.S. Government works on loc.gov. These works are also available for worldwide use and reuse under CC0 1.0 Universal. 

More about Copyright and other Restrictions.

For guidance about compiling full citations consult Citing Primary Sources.

Credit Line: Law Library of Congress

Cite This Item

Citations are generated automatically from bibliographic data as a convenience, and may not be complete or accurate.

Chicago citation style:

Gesley, Jenny. European Union: Court of Justice Clarifies Evidentiary Use of Foreign Encrypted Data. 2024. Web Page. https://www.loc.gov/item/global-legal-monitor/2024-05-29/european-union-court-of-justice-clarifies-evidentiary-use-of-foreign-encrypted-data/.

APA citation style:

Gesley, J. (2024) European Union: Court of Justice Clarifies Evidentiary Use of Foreign Encrypted Data. [Web Page] Retrieved from the Library of Congress, https://www.loc.gov/item/global-legal-monitor/2024-05-29/european-union-court-of-justice-clarifies-evidentiary-use-of-foreign-encrypted-data/.

MLA citation style:

Gesley, Jenny. European Union: Court of Justice Clarifies Evidentiary Use of Foreign Encrypted Data. 2024. Web Page. Retrieved from the Library of Congress, <www.loc.gov/item/global-legal-monitor/2024-05-29/european-union-court-of-justice-clarifies-evidentiary-use-of-foreign-encrypted-data/>.