Executive Agreement Cloud Act

Last week, the United States and the United Kingdom signed the first bilateral executive agreement under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), a U.S. law passed in 2018 authorizing the executive to enter into binding bilateral agreements aimed at removing legal barriers that might otherwise prohibit communications service providers from one country from complying with qualification orders issued by another country. It`s a bit weird. [1] The agreement between the United States and the United Kingdom and the ongoing negotiations with Australia reflect the first steps in the implementation of the Clarifying Lawful Overseas Use of Data Act (Cloud Act). The latter point significantly amends the legislation on providers of electronic communications services or distance computing services and, in particular, their obligation to disclose the content of stored wireline and electronic communications and transaction records. It is important to consider the control and balance systems that exist in the United States. Indeed, the president will only sign an executive agreement after rigorous review by the attorney general and the secretary of state and approval by Congress (Section 2523(b) of the Cloud Act). Congress may pass a joint decision of disapproval within 90 days and, in such case, the executive agreement will not enter into force [ยง2523(d)(4) of the Cloud Act]. The CLOUD Act has two main objectives: (1) to amend the Stored Communications Act to require providers to comply with their obligations to retain, safeguard or disclose electronic data in their possession, regardless of the location of that information; and (2) allow the U.S. government to enter into executive agreements with foreign governments on accelerated reciprocal access to electronic information held by foreign-based providers. The answer depends on whether these bodies are subject to UK jurisdiction. In the past, some commentators have raised concerns that enforcement agreements could impose a new obligation on these providers, since they could require a U.S.-based global communications service provider to comply with a foreign government injunction to provide electronic data.

However, in public statements earlier this year, the DOJ attempted to allay these fears by arguing that the CLOUD Act does not impose a new obligation to comply with a foreign level of government or finds itself that a foreign government is responsible for a communications service provider. On the contrary, the DOJ said, importing an executive agreement would eliminate any potential conflict with U.S. law for qualifying levels of government in the situation in which a foreign country is responsible for a communications service provider under its domestic law. Service providers have traditionally been reluctant to respond to data requests from foreign governments, fearing that they will violate national laws on electronic data storage. The bilateral agreements provided for in the CLOUD Act aim to eliminate these conflicts while ensuring that both jurisdictions share similar protections of privacy and civil liberties.

Comments are closed.