In her Yale Law Journal Online article Privacy and Security Across Borders, Daskal analyzes the impetus and results of three recent initiatives for law enforcement access to data: the U.S. Cloud Act; the EU E-Evidence proposal; and recent Australian legislation. The article highlights these initiatives’ promise and limits, and offers a way forward. Daskal explains that there is, on the one hand, the risk of governments demanding access to all information anywhere and everywhere, in ways that will almost certainly result in reduced cybersecurity, privacy, and civil liberties for all. On the other hand, there is a unique opportunity to set baseline standards and clear jurisdictional rules—thereby facilitating law-enforcement access while also protecting, and ideally elevating, speech, privacy, and other rights protections in the process.

Andrew Burt and Dan Geer’s Lawfare article The Budapest Convention Offers an Opportunity for Modernizing Crimes in Cyberspace explores how the current negotiations of an additional protocol to the Budapest Convention on Cybercrime provide an opportunity for lawmakers to modernize how crimes are defined in cyberspace. Burt and Geer propose a new starting point for the definition of a cybercrime:

In his paper Transfer of Personal Data to U.S. Law Enforcement Authorities After the CLOUD Act: Is There a Conflict with the GDPR?, Prof. Christakis looks at how Section 103 of the CLOUD Act may conflict with the GDPR’s restrictions on transfers of personal data to outside the European Union.

The globalization of criminal evidence has altered the landscape for criminal investigations worldwide. With the advent of electronic communication and the rise of the popularity of social media, a crime that physically takes place within the borders of one country often has electronic evidence that is located outside the borders of that country. A recent report for the European Commission stated, “More than half of all investigations [in Europe] include a cross-border request to access e-evidence.”1

In their Lawfare article The Cloud Act Is Not a Tool for Theft of Trade Secrets, Swire and Hemmings explain the allegations from the European Union that the Act is a tool for economic espionage, and why those concerns are mistaken.  The article gives three reasons why prosecutors are highly unlikely to use the Cloud Act to steal intellectual property:  (1) the U.S. has long-standing normative and diplomatic interests in preventing the abuse of economic espionage; (2) even under the Cloud Act, the U.S. can obtain information only via a lawful order pursuant to a criminal investigation, and (3) the Economic Espionage Act provides significant protections to the owners of trade secrets at issue in litigation that would apply in a criminal investigation as well.

Introductory note:  This set of FAQs  responds to questions from non-U.S. countries about the meaning and implications of the CLOUD Act.  Some questions have arisen from the European Union in connection with the CLOUD Act, and this paper seeks to address those questions specifically.   But it is important to note that countries outside of the EU are expected to seek executive agreements under the CLOUD Act as well.