Updated: January 21, 2020 On January 10, 2020, the U.S. Department of Justice (DOJ) officially notified the Congress of its certification of the agreement between the United States and the United Kingdom on Access to Electronic Data for the Purpose of Countering Serious Crime.  While the DOJ had previously sent the U.S./UK CLOUD Act Executive Agreement to Congress on December 4, 2019, and intended to notify the relevant committees at that time, “because of a clerical error, [the DOJ] did not provide actual notification to those committees until January 10, 2020.”

2020 should be an important year for E-Evidence in the European Union (EU). Taking into consideration the significant legal challenges from the globalization of criminal evidence and considering that traditional instruments for cross-border cooperation such as Mutual Legal Assistance Treaties (MLAT) are too slow and cumbersome, the European Commission proposed, on 17 April 2018, “E-Evidence”, a legislative package that basically constitutes the European equivalent of the Cloud Act and aims, in a similar way, to streamline cooperation with service providers and supply law enforcement and judicial authorities with expeditious tools to obtain e-evidence, while also ensuring protection of fundamental rights.

In their forthcoming article Defining the Scope of ‘Possession, Custody, or Control’ for Privacy Issues and the Cloud Act, the authors provide the first full analysis of the scope of “possession, custody, or control” under the Clarifying Lawful Overseas Use of Data Act (Cloud Act).  The text of the paper is available on SSRN, and will be published in full by the Journal of National Security Law & Policy.  The introduction is presented here:

Professor Jennifer Daskal’s Just Security article Correcting the Record: Wiretaps, the CLOUD Act, and the US-UK Agreement responds to Albert Gidari’s criticisms of the wiretapping provisions in the US-UK CLOUD Act Agreement.  Gidari’s article accurately describes the possibility that U.S.-ordered wiretaps can be used to listen to conversations of individuals located outside the territorial borders of the U.S., subject to heightened substantive and procedural requirements that govern the issuance of wiretaps by U.S. authorities.  Daskal’s article points out that the possibility that U.S. wiretaps could pick up the conversation of foreigners. was true both before and after the CLOUD Act.  Contrary to Gidari’s suggestion, the CLOUD Act does not grant the U.S. new authorities that it did not previously have.

The European Law Blog has published Prof. Theodore Christakis’s report from the September 25, 2019 academic workshop “E-Evidence: The Way Forward,” that was held in Brussels by the Grenoble Alpes Data Institute in cooperation with the Cross-Border Data Forum and Microsoft.  The workshop included academics well known for their work on privacy, data protection, and criminal law from several countries.  Also participating were representatives of the European Parliament involved with the LIBE Committee’s work on E-Evidence, including MEP and Rapporteur for the E-Evidence package Ms. Birgit Sippel.

This paper addresses an important practical topic – when does the EU General Data Protection Regulation (GDPR) act as a “blocking statute,” to prohibit transfers of personal data in response to requests by non-EU law enforcement agencies? Since the GDPR went into effect in 2018, there has been considerable discussion of this issue, most notably when there is a request from US law enforcement for emails and other records held by Internet and Cloud Service Providers.