By Dr Yvette Russell, Senior Lecturer in Law and Feminist Theory (University of Bristol Law School)
Monday last week saw the announcement of a new national policy requiring criminal complainants to sign consent forms authorising detectives to access data in their mobile phones. Conveyed in a joint briefing by Metropolitan police assistant commissioner Nick Ephgrave and director of public prosecutions (DPP) Max Hill QC, the new policy is designed to ‘ensure all relevant lines of enquiry are followed’ and that any material that undermines the case for the prosecution or assists the case for the accused is detected and disclosed to the defence. While the forms are not to be used solely for sexual offence complainants the use of the forms in these cases was a major focus of Monday’s briefing. While the CPS noted that not all sexual offence complainants will be asked to divulge digital data it is likely, given that most sex crimes occur between parties who are known to each other, that a high proportion of those complaining will be asked to sign a consent form and hand over their phones and the data therein.
Following the robust objections of many rape survivors’ advocacy groups to the new policy, the CPS and police late last week invited victims’ groups to discuss their concerns about the new consent form. Over the weekend, the Association of Police and Crime Commissioners took the unusual step of publicly objecting to the introduction of the consent form, labelling it a risk to public confidence in the criminal justice system. (more…)
European data protection authorities (EU DPAs) play crucial roles in protecting personal data rights. However, many EU DPAs do not have adequate access to resources in order to be effective data privacy protectors. Although the data privacy law literature recognizes that many EU DPAs operate within such constraints, to date, there has been a dearth of empirical studies on how limited resources can impact on enforcement. A new article* makes a modest attempt to address this empirical gap by analysing selected empirical findings of a recent project which examined the investigations of multinational cloud providers by EU DPAs (Cloud Investigations).
This article draws on the fields of socio-legal studies and regulation to interpret these empirical findings and advances three arguments. First, due to their fiscal constraints, some EU DPAs often have to make tactical enforcement decisions about initiating Cloud Investigations as well as the foci and methods of Cloud Investigations. The decision-making process can be very complex for some EU DPAs as they have to not only consider but also at times balance a broad range of factors including external pressures, law and enforcement styles. Second, hybrid forms of data governance can often emerge during Cloud Investigations as EU DPAs delegate their regulatory tasks to private and governmental (other than EU DPAs) actors due to the limited resources. Finally, this article suggests that hybrid data governance needs to be carefully designed in order to ensure effective and robust data governance. Suggestions are made on how the ‘regulatory space’ can be designed in order to promote accountability, trust, robust data protection and effective multi-actor collaboration.