Professors Jennifer Daskal and Peter Swire’s article The U.K.-U.S. CLOUD Act Agreement Is Finally Here, Containing New Safeguards examines the long-awaited data-sharing agreement and the first of the executive agreements envisioned by the CLOUD Act. The article assesses what’s new about the agreement; what’s surprising; and why—despite the critics—the authors continue to view these agreements as positive developments that protect privacy and civil liberties, accommodate divergent norms across borders, and respond to the reality that digital evidence critical even to wholly local crimes is often located across international borders.
The article looks closely at nine significant new items from the agreement that go beyond the baseline statutory requirements of the CLOUD Act: Quality Control/Designated Authorities (Art. 5), Opportunity to Object/Review Procedures (Art. 5), Use Limitations (Art. 8), Third Country Notification (Art. 5), Minimization Provisions (Art. 7), Reciprocity (With Limits) (Arts. 1 and 7), Transparency (Art. 12), Definition of Serious Crime (Art. 1), and Subscriber/Preservation Requirements (Art. 10).
The article also corrects erroneous reports that the agreement would require service providers to decrypt evidence, and highlights the CLOUD Act agnosticism towards encryption.
Congress now has 180 days to examine the agreement. If Congress does not object within 180 days, the agreement will then go into effect. The U.S. is also currently discussing a potential agreement with the European Union, and the U.S. and Australia have formally announced negotiations as well.
To read the full article on Just Security, please click here.
To read the full article on Lawfare Blog, please click here.
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.