The Cloud Act provides that U.S. prosecutors can gain access to evidence under the possession, custody or control of a company in the U.S., regardless of where the data are stored. But European fears of economic espionage are mistaken.
Justin D. Hemmings is a Research Faculty Member at the Georgia Institute of Technology Scheller College of Business and a Project Attorney at Alston & Bird, where he engages in legal and policy issues and practice concerning privacy and cybersecurity. He and Peter Swire co-authored the 2017 NYU Annual Survey of American Law article “Mutual Legal Assistance in an Era of Globalized Communications: The Analogy to the Visa Waiver Program,” which proposed an approach that was later codified in Section 5 of the Clarifying Lawful Overseas Use of Data Act.
Subscribe to this Lawfare contributor via RSS.
Congress helpfully expanded the CFIUS process last year with FIRRMA. There is more to do, however. Next, we should study and respond to national security risks from foreign vendors.
The first executive agreement under the Cloud Act, between the U.S. and U.K., may come soon. But the British side of the agreement needs work.
In data breach investigations, law enforcement and companies can (and often need to) rely on each other, even though their interests may ultimately diverge and even conflict.