Cross-Border Data Forum Bannner


Kenneth Propp

Introduction When the United States Congress enacted the CLOUD Act in 2018, law enforcement agencies around the world were encouraged that the innovative international agreements envisioned by the legislation would offer a solution to burgeoning difficulties in obtaining access to electronic evidence located in the United States.  Two years later, progress towards that goal has been slow: only one agreement, with the United Kingdom, has been signed, and reservations about this novel type of agreement persist in the privacy and civil [...]
Following the invalidation of the U.S.-EU Privacy Shield by the Court of Justice of the European Union (CJEU), Kenneth Propp and Peter Swire’s article ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’ argues that the core fundamental rights concerns expressed by the CJEU must be addressed in order for the U.S. and the EU to negotiate a replacement agreement. In particular, the article makes a preliminary proposal to address CJEU concerns that U.S. surveillance law safeguards lack [...]
The 2019 international agreement between the United Kingdom and the United States[1] on access to electronic evidence has attracted wide attention as a new tool of international assistance in criminal matters.[2]  Historically, countries have conducted such cooperation pursuant to mutual legal assistance treaties (MLATs). The UK-US CLOUD Agreement, however, is the first international instrument putting in place a new mechanism providing that law enforcement authorities can request e-evidence directly from a cloud service provider, without going through MLAT procedures. [...]
In his Atlantic Council issue brief US Surveillance on Trial in Europe: Will Transatlantic Digital Commerce Be Collateral Damage?, Propp summarizes the history, oral arguments, and possible outcomes of the European Court of Justice’s pending decisions on the validity of Standard Contractual Clauses and the EU-U.S. Privacy Shield.  Propp notes that if the Court finds U.S. surveillance law is inconsistent with EU privacy laws, “transatlantic data transfer mechanisms relied upon by [Facebook], and thousands of other companies, may be invalidated.”  [...]