The Council of the European Union has passed a resolution stating that authorities must be able to access encrypted data. The Council already drew up a draft of this in November.
Such resolutions are not legally binding but include Council positions. The Council of the European Union announced the resolution on Monday. A draft of this resolution previously appeared online, but has now been adopted by the Council. Since then, little seems to have changed in the first version. In the resolution, which is still referred to as ‘Security through encryption and security despite encryption’, the Council states, among other things, that it supports the development and use of strong encryption. At the same time, the Council reports that ‘a better balance’ must be found between encryption and security.
“Encryption has been identified by EU data protection and cybersecurity authorities as an important tool that contributes, for example, to the protection of personal data transferred outside the EU,” the Council writes. “However, there are cases where encryption makes access to electronic evidence extremely difficult or practically impossible, despite the fact that access to such data would be lawful.” The EU Council believes that authorities should be able to access such encrypted evidence. The Council mentions, among other things, the prevention of terrorism, organized crime and child abuse as its objectives.
The Council does not describe how such access should work while maintaining strong encryption. The Council does, however, state that an active discussion with the tech industry must be entered into for this. Possible solutions must also be developed ‘transparently’. “Technical solutions for accessing encrypted data must comply with the principles of legality, transparency, necessity and proportionality, including the protection of personal data.”
There has been a plea for access to encrypted data by authorities for some time. Minister Grapperhaus of Justice and Security, for example, already argued last year about a so-called back door in encryption. Grapperhaus said, for example, that it “should be impossible to use encryption to exchange child pornography”. However, he later clarified that he does not advocate weakening encryption.