Law in the Internet Society

The Admissibility of Evidence Obtained in Breach of GDPR

Introduction

Over the last two decades, the world has witnessed firsthand the technological revolution, which completely transformed the way people communicate and connect. Social media platforms like Facebook, Twitter, Instagram have become the storage of personal data in which the law enforcement agencies and the adverse party in a particular lawsuit will look for the evidence to identify the suspect and bring the best evidence to the court's attention. Nevertheless, in May 2018, the European Union passed the “General Data Protection Regulation” (GDPR), which is one of the strictest rules for personal data protection, to regulate the collection and processing of personal data. The provision of GDPR made a significant impact on the online investigation and the collection of online data because it tightens up the processing of personal data by requiring the social media company, as a data controller, to ask for specific, unambiguous consent from the data subject before handing it to a third person as evidence. However, what happened when evidence offered by the parties is obtained illegally without the prior, ambiguous consent as required by the GDPR? ‘Is the evidence obtained in breach of GDPR admissible in the court?’ This essay will find it out.

The Illegally Obtained Evidence

Even though the practice as to the admissibility of the illegally obtained evidence is divergent among jurisdictions across the world, this so-called “Fruit of the Poisonous Tree” principle, which was deeply rooted in the Fourth and Fifth amendment, has long been settled in the federal courts. According to this rule, the evidence obtained by an illegal search or the oral evidence about the facts discovered or seized during the unlawful search must be excluded, in order to deter the illegal government conduct by preventing them from benefiting by their illegal acts.

This rule was initially applied to the physical evidence obtained during the illegal search and seizure by the police officer and later extended to the intangible evidence in Nardone v. United States (1937) in which the court ruled that the Federal Communication Act Section 605 rendered inadmissible not only evidence of the conversations heard by wiretapping but also evidence procured or made accessible by the use of that information.

In general, it is obvious that the main justification advanced in support of this rule is that it aims to prohibit the illegal act of the government officers, and it could be observed that the rule might be developing to apply in any other context in the future.

“Fruit of the Poisonous Tree” in the Age of Digital Platforms

As we might have already known, people today use social media platforms as a way to express their thoughts and feelings, and courts are recently welcome social media content as evidence both for and against people. However, the advent of the GDPR significantly impacts the use of online personal data because it requires unambiguous consent from the data subjects to process their personal data. The picture of a person on Instagram, the location that a person checked in on Facebook, as well as the opinion tweeted on Twitter if taken, collected, or transmitted without his prior unambiguous consent, constitutes “processing of personal data,” which is potentially in breach of GDPR. On this basis, can the court accept such evidence obtained in breach of GDPR? To answer this question, 2 scenarios of breaching must be taken into consideration:

(1) When the evidence obtained by law enforcement agencies

Let’s assume that the police, in an attempt to investigate the crime, used photos, locations, or communication garnered from the suspect’s social media sites as evidence without the suspect’s consent. Contrary to popular belief, Article 2 of GDPR clearly excludes the processing of personal data by competent authorities for the purpose of investigation of criminal offenses from the material scope of protection. Therefore, the act of the police in this scenario, even in violation of personal data, does not constitute a breach of GDPR and would potentially be accepted as evidence in court.

(2) When the evidence obtained by parties to civil lawsuits

This scenario could be exemplified by the Largent v. Reed (2011) case when the plaintiff, who claimed serious, permanent physical, mental injuries, pain, and suffering, was rebutted by the post-accident photos of her Facebook account, showing that she was obviously feeling well. If the defendant's counsel offered into evidence those personal photos saved from the plaintiff’s account without prior consent, would the photos be admissible? The answer here is ‘yes’ because the prohibition against using illegally obtained evidence applies only to law enforcement agencies. It does not apply to the evidence obtained by the private party.

Final Thoughts

On the basis of these considerations, it is likely that the evidence obtained in breach of GDPR could still be admissible in court. To put it another way, “consent,” which was once thought to be an effective safeguard against the wrongful use of personal data is not by any means a magic wand that can protect your personal data particularly when it was introduced as evidence in the courtroom. Therefore, the best way to protect your data, particularly when a lawsuit is reasonably foreseeable, is to use social media platforms that do not collect your personal data too much and try to think twice before posting or sharing any personal information on social media sites.

I'm not sure I understand the idea behind this draft.

By its terms, as you point out, GDPR provides no rights against access by European States conducting criminal investigations, end of story. No one has ever suggested that the exclusionary rule applied in US courts with respect to evidence acquired in violation of European or other non-US law. So there are no courts in iether the US or Europe that could conceivably exclude criminal evidence on the basis of a violation of GDPR. Full stop.

We should clear up the confusion between the Fourth Amendment's exclusionary rule and the "fruit of the poisonous tree" doctrine. The Supreme Court has consistently held, from the decision in Weeks v. United States in 1914 that evidence obtained by federal officers in violation of the Fourth Amendment cannot be admitted in federal courts. The is not, as you suggest, in order to prohibit or deter the unconstitutional action by the federal officials in acquiring the evidence. The rule is not, as Benjamin Cardozo scoffed, that the criminal goes free because the constable blundered. The rule defends the integrity of the federal courts, which is degraded if the executive branch, through its prosecutors, can turn violation of the constitution into evidence that will convict in its courts. By applying this principle to all state courts prosecutions through section 1 of the Fourteenth Amendment in Mapp v. Ohio in 1961, the Supreme Court turned that into a personal Constitutional right of all Americans to a judicial process that cannot turn the rule of law into an evidence laundry for despotism. That's a big deal.

So what do we do, in the real world of police business, when a warrant that should not constitutionally have been granted results in a search that yields a valid basis for a further search warrant that produces valuable evidence? This second-order consequence of supressible evidence is "the fruit of the poisonous tree." See Silverthorne Lumber Co. v. United States; Nardone v. United States.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r2 - 01 Jan 2022 - 19:47:15 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM