The Crime (Overseas Production Orders) Act 2019 marks a major departure in the current mutual legal assistance regime in relation to gathering electronic evidence from overseas. Receiving Royal Assent on the 12 February 2019, the act gives powers to law enforcement to apply for an Overseas Production Order (OPO) to obtain electronic data directly from service providers based outside the UK for the purposes of criminal investigations and prosecutions for serious crime (see my related blogs here and here).
The Act marks a sea-change for law enforcement co-operation: it has been billed as a way of overcoming mutual legal assistance (‘MLA’) procedures that are cumbersome and time consuming.
Though the Act has been passed, it rests on specific international agreements being secured, the first of which we expect to be with the US, which is a particular priority given the location of most global technology companies/service providers. Negotiations have been taking place with the US since 2015, with the US passing the Clarifying Lawful Overseas Use of Data Act (known as the “CLOUD Act”) in March 2018.
Though a positive development for law enforcement (as put by Ben Wallace MP, Economic Crime Minister, the Act will bring in “a step change in capability to access the vital data needed to investigate some of the worst crimes perpetrated against our constituents”), a number of concerns were raised as the Bill progressed through parliament regarding the need for greater safeguards to protect individuals. Circumventing a judicial/competent authority in the Executing State means that checks and balances that would normally appear in the context of cross border evidence gathering and instruments of mutual recognition are missing. Moreover, the question of assurances in relation to the death penalty was vigorously debated in the Houses of Parliament.
During the Bill’s passage in the House of Lords, an amendment was attached which would prevent the UK from making the necessary treaty with the US unless it received assurances that data sent across the Atlantic would not lead to the death penalty. In the Commons, the Minister (Ben Wallace) rejected this position stating that:
“having looked back over 20 years, we have not been able to find a single case whatsoever where only the data that the Bill deals with would have led to a death penalty overseas.” He went on to say “this is about data, not people. Extradition from the UK is dealt with by separate legislation and Her Majesty’s Government are already prevented from handing over someone without death penalty assurances”.
The conclusion to the heated debate resulted in a provision being passed which requires the Secretary of State to seek assurances that information provided will not be used in connection with proceedings for a death penalty offence. As Lord Hope of Craighead pointed out, however, “there is no point in simply seeking an assurance because that in itself is not enough to protect this country against a breach of the international obligation [its obligations under the European Convention on Human Rights].”
Although the Bill has now been passed, this is not an issue that is going to go away. The government is currently litigating a case in which this very issue is being raised. In R(Maha El Gizouli) v Secretary of State for the Home Department  EWHC 60, the mother of an ISIS fighter currently detained in Syria by US forces, challenged the Home Secretary’s decision to provide information to the US authorities using MLA channels, on the grounds that it could be used in connection with proceedings for a death penalty offence. It seems likely that this case will go to the Supreme Court and, from there, possibly on to the European Court of Human Rights.