Professor Jennifer Daskal’s Just Security article Correcting the Record: Wiretaps, the CLOUD Act, and the US-UK Agreement responds to Albert Gidari’s criticisms of the wiretapping provisions in the US-UK CLOUD Act Agreement.  Gidari’s article accurately describes the possibility that U.S.-ordered wiretaps can be used to listen to conversations of individuals located outside the territorial borders of the U.S., subject to heightened substantive and procedural requirements that govern the issuance of wiretaps by U.S. authorities.  Daskal’s article points out that the possibility that U.S. wiretaps could pick up the conversation of foreigners. was true both before and after the CLOUD Act.  Contrary to Gidari’s suggestion, the CLOUD Act does not grant the U.S. new authorities that it did not previously have.

The European Law Blog has published Prof. Theodore Christakis’s report from the September 25, 2019 academic workshop “E-Evidence: The Way Forward,” that was held in Brussels by the Grenoble Alpes Data Institute in cooperation with the Cross-Border Data Forum and Microsoft.  The workshop included academics well known for their work on privacy, data protection, and criminal law from several countries.  Also participating were representatives of the European Parliament involved with the LIBE Committee’s work on E-Evidence, including MEP and Rapporteur for the E-Evidence package Ms. Birgit Sippel.

This paper addresses an important practical topic – when does the EU General Data Protection Regulation (GDPR) act as a “blocking statute,” to prohibit transfers of personal data in response to requests by non-EU law enforcement agencies? Since the GDPR went into effect in 2018, there has been considerable discussion of this issue, most notably when there is a request from US law enforcement for emails and other records held by Internet and Cloud Service Providers.

Professor Theodore Christakis’s European Law Blog article 21 Thoughts and Questions about the UK-US CLOUD Act Agreement: (and an Explanation of How it Works – with Charts) unpacks, to the extent possible, the terms of the agreement not only to understand the basic mechanisms underlying it, but also to consider the International and Human Rights Law implications – including from a European Law perspective.

Professors Jennifer Daskal and Peter Swire’s article The U.K.-U.S. CLOUD Act Agreement Is Finally Here, Containing New Safeguards examines the long-awaited data-sharing agreement and the first of the executive agreements envisioned by the CLOUD Act.  The article assesses what’s new about the agreement; what’s surprising; and why—despite the critics—the authors continue to view these agreements as positive developments that protect privacy and civil liberties, accommodate divergent norms across borders, and respond to the reality that digital evidence critical even to wholly local crimes is often located across international borders.

In his Atlantic Council issue brief US Surveillance on Trial in Europe: Will Transatlantic Digital Commerce Be Collateral Damage?, Propp summarizes the history, oral arguments, and possible outcomes of the European Court of Justice’s pending decisions on the validity of Standard Contractual Clauses and the EU-U.S. Privacy Shield.  Propp notes that if the Court finds U.S. surveillance law is inconsistent with EU privacy laws, “transatlantic data transfer mechanisms relied upon by [Facebook], and thousands of other companies, may be invalidated.”  The article examines the roots of this transatlantic privacy divide, traces the history of the Safe Harbor through the Schrems I case to the EU-U.S. Privacy Shield agreement, and analyzes the oral arguments made before the European Court of Justice in the Schrems II case.