October 20, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

U.S. and U.K. Ease Data Collection Across Borders

Saying it will accelerate complex investigations, the United States and the United Kingdom proposed an historic data exchange agreement. In future, each government will be able to obtain electronic data directly from technology companies in the other country. The governments also say this first of its kind agreement will protect privacy and enhance civil liberties.

The Announcement

On October 3, in the British Ambassador’s residence in Washington, U.S. Attorney General William Barr and U.K. Home Secretary Priti Patel announced the first agreement under the CLOUD Act. The agreement follows upon U.K.’s Crime (Overseas Production Orders) Act 2019, which received Royal Assent in February.

Key Aspects of the Agreement

As we noted in a prior post when it became law in April 2018, the CLOUD Act allows a foreign government with which the U.S. has a sharing agreement to contact U.S. companies directly to compel production of personal data without notifying the individual. The Act also requires a foreign government to “demonstrate respect for international universal human rights.”

The agreement applies to a “broad class of investigations” including terrorism, transnational organized crime, and child exploitation. Under the announced agreement, the U.S. will have the same authority to compel production from U.K. companies.

Although the CLOUD Act specifically outlaws foreign governments intentionally targeting U.S. persons, some critics argue that the intertwined nature of data makes it impossible to separate data of non-U.S. targets from U.S. nationals. Accordingly, the agreement includes procedures to minimize the acquisition of information concerning U.S. persons subject to the agreement.

Each government also committed to obtain permission from the other before using data gained through the agreement in prosecutions relating to essential interests — specifically, death penalty prosecutions by the United States and U.K. cases implicating freedom of speech.

Each government needs “appropriate court authorization” from a court in its own country in order to obtain data from a company in the other country. In addition, the CLOUD Act allows for diplomatic intervention if a request is inappropriate.

Speeding Exchange of Data

The governments say the agreement will reduce dramatically the time required by the current process involving intergovernmental requests using Mutual Legal Assistance agreements. Such requests can take many months. In future, requests will go directly to the technology company instead of through the corresponding government.

The text of the agreement will be available soon, after notification of Congress and Parliament.

The agreement will become effective after a six-month Congressional review and related review in Parliament.

© Copyright 2019 Squire Patton Boggs (US) LLP

TRENDING LEGAL ANALYSIS


About this Author

Thomas E. Zeno, Squire Patton Boggs, Healthcare Fraud Lawyer, Economic Crimes Attorney
Of Counsel

Thomas Zeno has more than 25 years of experience in the US Attorney’s Office for the District of Columbia. During that time, Tom investigated and prosecuted economic crimes involving healthcare, financial institutions, credit cards, computers, identity theft and copyrighted materials. As the office’s Healthcare Fraud Coordinator for the last eight years, Tom supervised investigation strategies of agents from the Federal Bureau of Investigation, the Department of Health and Human Services, the Drug Enforcement Administration and the Medicaid Fraud Control Unit regarding...

202 626 6213