The EncroChat Case: Exploring the Challenges of e-Evidence in Light of the Data Retention Saga and Key Takeaways for a Stronger EU Framework

Technological advancements have had an impact on all spheres of life, including the way people communicate. Instant messaging apps and social networks brought about a big change, facilitating the commission of crimes and paving the way for new methods of investigating them. Some countries are testing “smart” police forces and innovative tools, but those endeavors are not representative of what reality is like in most cases. Law enforcement authorities, in fact, are struggling to keep up with all the opportunities that digitalisation offers to criminals. A lack of appropriate staffing or resources intertwines with the complications of data-driven inquiries and either hinders effective investigations or leads to achievement of successful outcomes at the price of disproportionate fundamental rights breaches. In this context, a recent ruling by the CJEU, the EncroChat case, is particularly valuable. It serves to illustrate both the complexities of gathering data in the digital age and the need for a reliable legislative framework on e-evidence. The intricacies are mostly represented by a legal framework characterised by several legal instruments that do not optimally complement each other. They afford varying levels of fundamental rights safeguards which, in theory, appear understandable, but are actually difficult to be reconciled with the realities of what e-investigations entail in practice. A striking example is represented by the different treatment reserved to stored data and pieces of information obtained while in transit. Indeed, the former is more carefully handled than the latter. While such a differentiation might have been justified prior to the information revolution, in the long run, and in light of the complexities of a digitalised society, it may exacerbate existing problems. Indeed, the European Union’s system of judicial cooperation in criminal matters was crafted in such a way as to operate on the basis of reciprocal confidence. However, a legal framework based on such a stark distinction, might actually hinder mutual trust rather than upholding it. Therefore, the present work will illustrate the CJEU’s ruling in Case C-670/22 and subsequently address the elements that compose the scattered legal infrastructure on e-evidence. The focus will be primarily on the European Investigation Order, as well as the case law on Article 15 E-Privacy Directive. The following part, moreover, will consist in an analysis of the EncroChat case in light of the so-called data retention saga, in such a way as to emphasise the differences in treatment that the two aforementioned frameworks entail, especially with relation to the rights to privacy and the right to a fair trial. Lastly, it will be underlined how these divergences can be problematic and how implementing common minimum rules on admissibility of evidence might be instrumental in bringing about meaningful changes in the EU area of freedom, security and justice.