On Wednesday, the Department of Justice released a white paper on the Clarifying Lawful Overseas Use of Data Act, or Cloud Act, which was enacted in March 2018. The white paper, entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” is available here and below.
Latest in Cross-Border Data
The United States, Canada and Mexico recently completed negotiations on a new trade agreement, the United States-Mexico-Canada Agreement (USMCA), to supersede NAFTA. While the treaty is pending ratification in the legislative bodies of the respective countries, the digital trade portion of the agreement has already garnered a positive response from U.S. technology trade associations.
As opposition grows in the British Parliament to the nearly 600-page agreement negotiated by Prime Minister Theresa May’s government to withdraw the United Kingdom from the European Union, it’s increasingly clear that the current text will not be the final word. But even if the British government is ignominiously sent back to the negotiating table with Brussels, it would be a mistake to dismiss the behemoth withdrawal agreement, and the accompanying 26-page political declaration on the future U.K.-EU relationship, as headed for the trash heap.
Technology firms are extraordinarily powerful. They control vast sums of money. They serve unprecedentedly large customer bases—in some instances, larger customer bases than any nation on earth (Facebook now has over 2 billion users).
Congress this fall will likely face the first executive agreement negotiated under the new Cloud Act. The U.S. and United Kingdom have been negotiating such an agreement since at least 2016.
Congress passed the Cloud Act as part of an omnibus spending bill in March over the objection of many civil society groups, including the Center for Democracy & Technology (with which I am affiliated). The legislation, formally the Clarifying Lawful Overseas Use of Data Act, empowers the Justice Department to serve legal process authorized by the Electronic Communications Privacy Act (ECPA) on U.S. providers for data those companies control, no matter where the data is located.
On May 22, Attorney General Jeff Sessions will meet with senior European law enforcement officials. In the wake of the Cloud Act, enacted by Congress at the end of March, the possibility of an EU-U.S. agreement on law enforcement access to digital evidence is almost certain to be on the table.
At the end of March, President Trump signed the omnibus budget bill into law.
On April 12, the High Court of Ireland referred 11 questions to the Court of Justice of the European Union regarding the legality of data transfers between Facebook’s Irish and U.S. corporate entities.
On Tuesday, the Supreme Court ruled in U.S. v. Microsoft, also known as Microsoft-Ireland, that the Cloud Act has rendered the case moot. The court’s per curiam opinion is below.