Minister Grapperhaus responds to the article "Examination of data (carriers)" in the Dutch Law Journal of November 25, 2020. The article is about case law for investigation of seized data carriers and computerized works, such as laptops and smartphones.
In response to the request of the Standing Committee on Justice and Security of December 3, 2020, you hereby receive my response to the article "Examination of data (carriers)" by Van den Hurk and De Vries from the Dutch Law Journal (Jaargang 95, November 25, 202, pp. 3152 et seq.). The committee has asked for a perspective on how this issue will be regulated under the new Code of Criminal Procedure.
The authors take the 2017 Smartphone judgments of the Supreme Court as the starting point for their article. In short, in this case law, the Supreme Court set out a framework for the investigation of seized data carriers and computerized works, such as laptops and smartphones. For the standardization of this investigation, the Supreme Court, using the so-called "systematicity criterion," makes a threefold division. The investigating officer is authorized if the investigation is not systematic (the invasion of the privacy of the person concerned is limited). In the case of systematic investigation (a more than limited invasion of personal privacy), the public prosecutor is authorized and, finally, the public prosecutor must involve the examining magistrate in the investigation if there is a drastic systematic investigation (it can be foreseen in advance that the invasion of personal privacy will be very drastic). This further standardization of the investigation of seized data carriers and computerized works also constitutes an important innovation in the concept of the new Code of Criminal Procedure (1) . Chapter 7 of the new Book 2 of this Code restructured and modernized the regulation on the collection of data along these lines. In order to better tailor the system of these criminal investigation powers to the developments in the field of information and communication technology, the Commission for Modernization of Criminal Investigations in the Digital Age was established for this purpose. This committee, chaired by Prof. Dr. E.J. Koops, issued a report entitled "Regulation of Investigative Powers in a Digital Environment" in June 2018 (2). The authors refer to this report several times in their article. In the creation of the new regulation in the new Code of Criminal Procedure, the aforementioned Supreme Court case law and the recommendations in the Koops Committee report played an important role. I can endorse the three general comments the authors place on the Supreme Court case law. "Examination of" is less precise for a legal text and partly for that reason the new Code speaks of "examination of data." By this is meant the set of acts that must be performed to take over or take cognizance of data. Like the authors propose, the new Code does not refer to an electronic data carrier but to a digital data carrier. Finally, the explanatory memorandum (3) clarifies why it is indeed not possible to speak of seizure of data.
In their analysis of the smartphone judgments, the authors first consider the making of a one-to-one copy (an image) of the device (2.1). I agree with the authors that making such an image can lead to an invasion of the privacy of the data subject. The explanatory memorandum to the new Code describes that this method of investigation should in principle be classified as systematic (a more than limited invasion of privacy) and therefore requires an order from the public prosecutor, unless the data carrier contains only little privacy-sensitive information (such as, for example, a bicycle chip).
In Section 2.2, the authors argue that through an automated work (think of a smartphone), access can mainly be gained to data in the cloud rather than to data actually on the automated work itself. This means that access to those cloud data must be through a network search (Article 125j Sv). However, this network search is limited under current law to the situation of an actual on-site search and thus cannot be conducted after a smartphone has been seized. This problem has been recognized, and it is precisely for this reason that the new Code of Criminal Procedure also makes the network search possible in cases where computerized works have been seized. Incidentally, this extension is also included in the Innovation Act for Criminal Procedure Bill, which will be submitted to your Chamber early this year.
According to the authors, the Supreme Court sees the use of technical aids in the examination of computerized works as a strong indication for the conclusion that that examination constitutes a more than limited invasion of the privacy of the person concerned (para. 2.3). The authors doubt this and believe that, despite the use of technical aids, there may still be a limited invasion of privacy. Even the explanatory memorandum to the new Code of Criminal Procedure does not exclude the possibility that an automated form of data examination can be carried out independently by an investigating officer. (4)
I am also comfortable with the content of section 2.4 of the article. In it, the authors discuss the term systemicity. Partly as a result of the report of the Koops Committee, this abstract criterion - mentioned above - plays a central role in the standardization of the investigation of data, in the same way that it already plays an important role in the current Code in the deployment of some special investigative powers. The criterion is also consistent with Supreme Court case law. With regard to the concepts of "systematic" and "far-reaching systematic" investigation of data used in the new Code, the authors state, to my delight, that their wording excels in clarity and, as far as they are concerned, reflects exactly what the respective criteria should entail.
In paragraph 3 of the article, the authors address the question of how review by the public prosecutor or the examining magistrate can be carried out in a meaningful way. They elaborate on a number of factors that the Koops Committee included in its report. The authors come to the conclusion that for the interpretation of the criterion of "systematicity" the nature of the data is particularly important, as well as the manner in which the investigation takes place from a technical point of view. The explanatory notes to Articles 2.7.39 and 2.8.8 of the new Code of Criminal Procedure also discuss this in detail and are in line with what the authors conclude. For the interpretation of "systematic", according to the explanatory memorandum, one can partly follow the meaning given to it in existing legislation and case law. At the same time, it is noted that the resulting interpretation of the term "systematic" is, however, of limited relevance to the digital form of data examination. Therefore, in the explanatory memorandum, pointers have been given to the relevant factors for the interpretation of "systematic" in the context of digital research. These include the quantity, nature and automated investigability of the data, the type of medium, the method of storage and the automation of the investigation. These factors correspond to those mentioned by the authors in their article.
Finally, in Section 4, the authors discuss the procedural defaults that could come into the picture around the examination of data and the possible responses to them. The authors keep this part of their argument quite general, stating that based on the current state of case law, only the finding of a formal default as a legal consequence is feasible. With regard to this, I note that on December 1, 2020, the Supreme Court issued a judgment (ECLI:NL:HR:2020:1890) in which a consideration is given to the evaluation framework, based on Article 359a of the current Code, for the legal consequences that can be attached to breaches of form committed during the preliminary investigation. The Supreme Court considers that it sees reason to "nuance or adjust" "the precise wording" of "some" standards included in that evaluation framework. It considers - with reference to the recent publication of the draft of the new Code of Criminal Procedure, which includes a new scheme for procedural sanctions, which in the Supreme Court's view is 'partly differently designed' from the current statutory scheme - that the initiatives to adapt the current statutory scheme give it cause for 'restraint'; it therefore sees no reason for 'substantial changes' in the assessment framework. With that, this judgment has significance primarily for criminal law practice based on the current statutory scheme, but will, of course, also receive attention in due course in the new scheme for procedural sanctions included in the New Code.
I hope this has given you sufficient information.
The Minister of Justice and Security,
Ferd Grapperhaus
1) Accessible at: https:rijksoverheid
2) Accessible at: https:rijksoverheid
3) Accessible at: https:rijksoverheid
4) Ditto.
