The EU may order tech firms to hand over terror suspects’ data inside 6 hours

A draft policy at the European Commission would provide judges with the ability to demand data from technology companies on incredibly tight deadlines.

The news: The Guardian reports that the new rules would allow courts to demand the data of terror suspects, such as e-mail or text messages, no matter where in the world the data was stored. Firms would also be banned from deleting some specific kinds of data.

More details: The default deadline for handing over data would be 10 days, but that could be shortened to six hours in some cases. Curent deadlines are 120 days or more. Companies would be able to challenge requests for data if they believed that its provision would, say, break laws.

What they’re saying: “Criminals use fast and cutting-edge technology to operate,” said EU justice commissioner Vera Jourova in a statement. “We need to equip law enforcement authorities with 21st-century methods to tackle crime, just as criminals use 21st-century methods to commit crime.”

The case against: “If companies are coerced into handing over citizens’ data, our existing rights are put at risk,” said Maryant Fernández Pérez, a senior policy advisor at the lobby group European Digital Rights, to the Financial Times. “States have legal obligations to respect and defend people’s fundamental rights. Companies do not have such legal obligations.”

Move fast, break things? Tech firms are often enthusiastic about working quickly. But a six-hour turnaround is likely to raise concerns about whether it provides enough time to perform due diligence on data being handed over.

Next up: The policy will go to a vote inside the European Parliament and member-state governments.