Regulating the Unregulatable: An Estonian Perspective on the CLOUD Act and the E-Evidence Proposal

Abstract

The article evaluates the effects of the CLOUD Act and the E-Evidence Proposal on state actions involving extraterritorial collection of evidence. Particular attention is given to Estonia, which has no regulation in place in this regard – neither on computer system searches nor on extraterritorial data-gathering. The discussion is aimed at ascertaining whether unauthorised extraterritorial data collection creates admissibility problems in states such as Estonia. The author’s analysis evaluates whether these problems are solved with the CLOUD Act and E-Evidence Proposal, with the conclusion that European countries are a far cry from clarity on the subject and that in the absence of national rules, clarity will never come about. The critical issue for Estonia and other states that lack specific computer-system search regulations is that no justification for searches of computer systems or extraterritorial data-gathering is to be found, whether in domestic rules or in the international agreements in place. States such as Estonia are going to continue facing problems when data are needed anywhere other than from a US or European ISP or when data are collected via methods that do not involve recourse to assistance (e.g., surveillance measures), since no justification is available for such extraterritorial collection of digital data.