December 3, 2022

Volume XII, Number 337

Advertisement

December 02, 2022

Subscribe to Latest Legal News and Analysis

December 01, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Government Requests for Data: CLOUD Act Attempts to Provide Guidance

On March 23, US President Donald Trump signed the omnibus spending bill, a portion of which contained the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to offer guidance to providers of electronic communication and remote computing services when they receive orders to disclose data from the United States or foreign governments that are not located in the country from which the order came (e.g., where the FBI issues a search warrant to a US cloud service provider to provide email data located on a server in the European Union over which the cloud service provider has custody or control).

In addition to other requirements, the CLOUD Act states that providers of electronic communication or remote computing services must comply with the obligations of the Stored Communications Act involving the preservation, storage, and disclosure of certain stored communications and records—whether or not such communications and records are located in the United States. The CLOUD Act also presents a new review process before a US judge for providers of electronic communication or remote computing services to push back on orders to disclose customer communications or records under the Stored Communications Act, among other governmental orders.

In order to file a motion to modify or quash an order, the provider must (1) believe the customer is not a US person and the provider risks violating the law of a qualifying foreign government if it complies with the disclosure and (2) file a motion within 14 days of being served. “Qualifying foreign governments” refer to governments that have certain executive agreements with the United States governing access to data, as further detailed in Section 105 of the CLOUD Act, and are certified as such by the US Attorney General (we are unaware of any country that currently has such an executive agreement with the US government).

The CLOUD Act goes on to articulate the issues a court evaluating such a motion needs to consider in performing a “comity analysis” for conflicting orders between the United States and a qualifying foreign government, specifically considering the following factors:

  • Whether the provider would violate the foreign law if it complied
  • Interests of justice, which cover the interests of the United States and the qualifying foreign government in question, the possible penalties the provider faces, the location and nationality of the customer and his or her ties to the United States, the importance of the investigation, and other considerations
  • Whether the customer is a US person or resident of the United States

While the CLOUD Act provides some guidance to global providers of electronic communication and remote computing services, it also will be important to follow how the CLOUD Act impacts current cases in court related to similar issues and the existing Mutual Lateral Assistance Treaties on criminal matters that the United States has entered into with 52 countries.

Copyright © 2022 by Morgan, Lewis & Bockius LLP. All Rights Reserved.National Law Review, Volume VIII, Number 102
Advertisement
Advertisement
Advertisement

About this Author

Dr. Axel Spies, Telecommunications and technology lawyer, Morgan Lewis
Special Legal Consultant

Dr. Axel Spies has advised clients for many years on various international issues, including licensing, competition, corporate issues, and new technologies such as cloud computing. He counsels on international data protection (EU General Data Protection Regulation), international data transfers (Privacy Shield), healthcare, technology licensing, e-discovery, and equity purchases. A member of the Sedona Conference on Electronic Discovery, Dr. Spies is frequently quoted in the media for his telecommunications and privacy knowledge.

202-373-6145
Jessica M. Pelliciotta, Morgan Lewis, technology lawyer
Associate

Jessica M. Pelliciotta is part of our outsourcing and strategic commercial transactions team of lawyers, handling critical commercial transactions that enable our clients to run their business operations effectively. The Morgan Lewis team focuses on technology transactions, including licensing, services, and alliance deals that involve emerging technologies such as cloud computing, software as a service (SaaS), and data analytics.

215.963.4889
Advertisement
Advertisement
Advertisement