Cross-Border Data Forum – The Cross-Border Data Forum (CBDF) is a 501(c)(4) non-profit group that addresses international data transfer policy issues.

Posted on November 24, 2025

Theodore Christakis

LAWFARE – When Governments Pull the Plug

While Europe worried about the United States flipping a “kill switch” on digital services, they accidentally triggered their own.

Posted on September 30, 2025

Theodore Christakis

From Transfers to Takedowns: Can Article 16 DSA Police GDPR Violations?

Berlin’s DPA asked Apple and Google —via DSA Article 16—to delist the DeepSeek app over alleged GDPR-breaching data transfers to China. This article explains why that route is shaky, why Chapter V doesn’t apply, and proposes a two-track framework for proportionate enforcement.

Posted on September 25, 2025

Peter Swire

Swire Submits Amicus Brief Supporting the Independence of the Privacy and Civil Liberties Oversight Board

Writing in his personal capacity, Peter Swire filed an amicus brief in the case concerning the independence of members of the Privacy and Civil Liberties Oversight Board (PCLOB).

Posted on August 4, 2025

Richard Salgado, Kenneth Propp

LAWFARE – Patching the U.K.’s Zero-Day Security Exploit With the U.S.-U.K. CLOUD Act Agreement

As the Trump Administration and Congress increasingly express concern about a reported effort by the United Kingdom to compel Apple to globally disable a security feature of one of its cloud services, attention has turned to addressing the resulting cybersecurity risks.

Posted on July 22, 2025

Jennifer Daskal, Richard Salgado

2025 CLOUD Act: Answers to Frequently Asked Questions

These Frequently Asked Questions (FAQs) update FAQs from 2019 to further address the meaning and implications of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act).

Posted on June 25, 2025

Kenneth Propp

LAWFARE – The UK-US E-Evidence Agreement: Practical Impact, Current Threats, and Implications for Europe

After more than two years in effect, the U.K.-U.S. Data Access Agreement (an “e-evidence agreement” enabled by the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act) has proved a game-changer for the United Kingdom’s law enforcement agencies, which have made tens of thousands of real-time intercept requests directly to U.S. service providers. U.S. law enforcement agencies have made much more limited use of the agreement, primarily because little of the investigative data they need is held by U.K. providers. The U.S. Department of Justice also has expressed muted disappointment with aspects of U.K. implementation. This article, by U.S. and U.K. ex-government officials, explores the reasons behind this initial experience.