Abstract
<jats:p>Cybercrime investigations increasingly rely on intrusive digital techniques that can interfere with private life. This article identifies minimum procedural safeguards that reconcile effective cybercrime enforcement with respect for privacy. Using doctrinal and comparative legal analysis, it benchmarks Kazakhstan’s regulation of intrusive investigative measures against standards developed by the European Court of Human Rights and relevant European Union requirements, with reference to practices in selected member states. The study examines four techniques: interception of communications, access to traffic and location data, remote access to digital devices, and the use of commercial spyware. The comparison shows that vague statutory bases and weak supervision can turn crime-control tools into surveillance. At a minimum, privacy-compatible enforcement requires prior independent authorization, clear limits on scope and duration, auditable rules for data handling (storage, access, sharing, deletion), effective oversight and accountability, post-measure notification when it no longer jeopardizes investigations, and accessible remedies. The article concludes with priority reforms for Kazakhstan to strengthen legal certainty and oversight while preserving investigative capacity. </jats:p>