This short article explains the streamlined U.S. legislative procedure that applies for executive agreements under the Cloud Act.  By contrast, other procedures exist, but require considerably more challenging steps for approval by Congress to go into effect.

In her article Unpacking the CLOUD Act, Daskal seeks to demystify the recently enacted Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in March 2018 by the U.S. government in an effort to address challenges faced by law enforcement in accessing data located across borders. The article explains the two parts of the act, dealing with: (i) U.S. access to data located outside the United States; and (ii) foreign government access to data held by U.S. companies within the United States. As the article highlights, the CLOUD Act offers a model for both responding to law enforcement needs and setting – and raising – baseline privacy protections. In that regard, it is a step in the right direction, although there is much more work to be done.

The year 2018 was marked by some important legislative initiatives in the United States and the European Union reflecting a new approach concerning Law Enforcement Agents’ (LEAs) access to electronic evidence. These initiatives were motivated by the significant legal challenges that the globalization of criminal evidence is creating for LEAs: a 2018 report by the European Commission found that “more than half of all investigations involve a cross-border request to access [electronic] evidence”. Considering that traditional instruments for cross-border cooperation such as Mutual Legal Assistance Treaties (MLAT) are too slow and cumbersome, the United States (US) and the European Union (EU) decided to move ahead with new legislative tools that would allow requesting Internet and Cloud Service Providers (hereafter: “service providers”) to transfer directly the required data to LEAs of the State that issues such an order, and this regardless of the location where the data are stored or where the suspect in a criminal investigation resides.

The Cloud Act authorizes the U.S. government to enter into executive agreements with other nations, so long as listed privacy and human rights protections are built into those agreements. One prime requirement is that the non-U.S. government request for criminal evidence “shall be subject to review or oversight by a court, judge, magistrate, or other independent authority prior to, or in proceedings regarding, enforcement of the order.” This requirement of “review or oversight” by a judicial officer could split the world into two categories – countries who use judicial process to get evidence (such as many EU countries), and countries who do not. To date, some observers have assumed that the latter countries are simply not eligible for a Cloud Act executive agreement.

E-Evidence negotiations in the EU Council are currently locked in stalemate. The clock is ticking, due to the upcoming European elections and the will of the Austrian Presidency to conclude the Council negotiations by December. Yet, the October 11th meeting of the European ministers of Justice showed, according to the Austrian presidency’s conclusion that: “There is a big divergence of opinions and it will be difficult to find a compromise that bridges these differences”.i The meeting made progress on another contentious issue, with the Member States deciding to drop the request to introduce real time interception in the E-Evidence draft regulation. States remain profoundly divided, however, on the main subject discussed during this meeting: the one concerning the introduction of a notification mechanism between Member States affected by a European Production Order (EPO).

In the IAPP article Announcing the new Cross-Border Data Forum, Professors Christakis, Daskal, and Swire introduce the Cross-Border Data Forum. The article explains the aims and role of the CBDF, including its four announced goals: