The Council of Europe Convention on Cybercrime (Budapest Convention) was the first international treaty to focus explicitly on cybercrime. Its aim is to function as an international framework for the harmonization of cybercrime-related legislation and to facilitate the fight against criminal offences making use of computer networks. One of the most important provisions of the Budapest Convention is Article 32. It provides a possibility for competent authorities from one Party to unilaterally access computer data stored in another Party with consent or where publicly available, without seeking Mutual Legal Assistance (MLA).

This document analyses the toolbox available to competent authorities under Article 32 of the Budapest Convention, including the requirement of “lawful and voluntary consent” as referred to under Article 32(b). It also includes excerpts from the legislation of some EU Member States implementing Article 32 into their domestic legal framework and information on some EU countries where the provision is directly applicable into national law.

The document was prepared within the framework of the SIRIUS Project. The SIRIUS Project has received funding from the European Commission’s Service for Foreign Policy Instruments under Contribution Agreement No PI/2020/417-500.