In his paper Transfer of Personal Data to U.S. Law Enforcement Authorities After the CLOUD Act: Is There a Conflict with the GDPR?, Prof. Christakis looks at how Section 103 of the CLOUD Act may conflict with the GDPR’s restrictions on transfers of personal data to outside the European Union.

The globalization of criminal evidence has altered the landscape for criminal investigations worldwide. With the advent of electronic communication and the rise of the popularity of social media, a crime that physically takes place within the borders of one country often has electronic evidence that is located outside the borders of that country. A recent report for the European Commission stated, “More than half of all investigations [in Europe] include a cross-border request to access e-evidence.”1

In their Lawfare article The Cloud Act Is Not a Tool for Theft of Trade Secrets, Swire and Hemmings explain the allegations from the European Union that the Act is a tool for economic espionage, and why those concerns are mistaken.  The article gives three reasons why prosecutors are highly unlikely to use the Cloud Act to steal intellectual property:  (1) the U.S. has long-standing normative and diplomatic interests in preventing the abuse of economic espionage; (2) even under the Cloud Act, the U.S. can obtain information only via a lawful order pursuant to a criminal investigation, and (3) the Economic Espionage Act provides significant protections to the owners of trade secrets at issue in litigation that would apply in a criminal investigation as well.

Introductory note:  This set of FAQs  responds to questions from non-U.S. countries about the meaning and implications of the CLOUD Act.  Some questions have arisen from the European Union in connection with the CLOUD Act, and this paper seeks to address those questions specifically.   But it is important to note that countries outside of the EU are expected to seek executive agreements under the CLOUD Act as well.

This short article explains the streamlined U.S. legislative procedure that applies for executive agreements under the Cloud Act.  By contrast, other procedures exist, but require considerably more challenging steps for approval by Congress to go into effect.

In her article Unpacking the CLOUD Act, Daskal seeks to demystify the recently enacted Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in March 2018 by the U.S. government in an effort to address challenges faced by law enforcement in accessing data located across borders. The article explains the two parts of the act, dealing with: (i) U.S. access to data located outside the United States; and (ii) foreign government access to data held by U.S. companies within the United States. As the article highlights, the CLOUD Act offers a model for both responding to law enforcement needs and setting – and raising – baseline privacy protections. In that regard, it is a step in the right direction, although there is much more work to be done.