Law Enforcement Agencies' activities in the cloud environment: a European legal perspective

The paper aims at discussing some major issues in relation to the complex and highly debated relationship between Cloud Service Providers (‘CSPs’) and government agency responsible for the enforcement of the laws (Law Enforcement Agencies – ‘LEAs’). Our analysis focuses on the EU situation and investigates whether the protection of personal data of EU citizens against LEAs' access is adequately guaranteed and what are the main elements that have to be taken into account by CPSs when dealing with LEAs' requests. After a brief overview of the existing international scenario, the legal grounds of LEAs' activities in the cloud is examined. The main focus is on the Council of Europe Cybercrime Convention, regarded by the EU Commission as ‘the main legal instrument’ in the fight against cybercrime. The whole analysis is applied to the relationship between CSPs and their clients. We consider the position recently expressed by the Art. 29 Working Party on cloud computing (opinion no. 5/2012) and the European Cloud Strategy. In our conclusions we highlight the very delicate position of CSPs, precisely taken between an obligation to comply with LEAs' requests, data protection regulations and obligations of transparency towards their clients.