Since the CLOUD Act requires a partner nation to meet certain minimum requirements before an executive agreement enters into force, the language of that first agreement can provide context with the standards that the United States expects from other partner countries in negotiating future executive agreements. It can also provide Congress with guidance on how the CLOUD law is implemented in practice. On 8 July 2020, the bilateral agreement between the United States and the United Kingdom on access to electronic data to combat serious forms of crime came into force. This agreement was the first negotiated and agreed after the adoption of the Lawful Use of Data Abroad (CLOUD) Law clarification law in March 2018. Given that the first agreement is already in force and two others are being negotiated, this blog post provides an overview of the text of the CLOUD Act and its past implications. In the future, the burden for both nations will now be to show that such an agreement truly protects privacy and civil liberties. Many details of how the agreement will work in practice remain to be seen, including the standards of proof for the United Kingdom, to request orders, restrictions on wiretaps and whether there are sufficient safeguards to prevent privacy violations against citizens of each country. Nevertheless, the United States and Great Britain The bilateral data access agreement can serve as a useful model for both the United States and other nations, as they consider how best to implement cross-border data exchange. It shows how nations can use a combination of their national laws and the language of cloud law to enter into agreements that meet their minimum standards, at least on paper. The influence of the law on cloud cannot be denied. The acceleration of access to data is the result of the fact that the United Kingdom and Australia have introduced new legislation allowing these agreements. With much of the global data stored in the United States, delays in the collection of electronic evidence by U.S. suppliers have become a growing challenge for foreign investigators.
This should be seen as an incentive for other countries to improve their privacy and protection of civil liberties. I think that has already been done; Daskal and Swire state that in 2016, “the British government supported the establishment of a judicial review of wiretaps – in large part because it wanted to ensure that it could benefit from the kind of executive agreements provided for by the CLOUD Act.” As long as safeguards are properly implemented and respected and access to this process remains limited to serious cases, subsequent bilateral agreements can be beneficial on a global scale. The CLOUD Act, passed in March 2018, amended the SCA to clarify that suppliers subject to legal proceedings under the SCA “must retain, secure or disclose the contents of a wired or electronic communication and any recording or other information relating to a customer or subscriber in connection with the detention , the retention or control of this provider, whether or not that communication is, registration or any other information within or outside the United States. CLOUD Act 103 (a) (codified at 18 U.S.C No. 2713). The CLOUD Act also authorized the Attorney General to enter into bilateral executive agreements with the agreement of the Minister of Foreign Affairs to directly receive data orders from suppliers in each country. To conclude such an agreement, the Attorney General must make a number of certificates, including (i) that the “foreign government qualifying” has laws on privacy and civil liberties, which are robust; (ii) adopted “appropriate procedures to minimize the acquisition, storage and dissemination of information about U.S. persons”; (iii) the terms of the agreement “do not create an obligation for suppliers to decrypt data or restrictions preventing suppliers from decrypting data”; and (iv) that the foreign government is not targeting the United States.