The
Agreement between the Government of the United States of America and
the Government of the United Kingdom of Great Britain and Northern
Ireland on Access to Electronic Data for the Purpose of Countering
Serious Crime (“Data Access Agreement” or “Agreement”) entered into
force today. The Agreement is authorized by the Clarifying Lawful
Overseas Use of Data (CLOUD) Act, a law enacted by Congress in 2018, and
will be the first agreement of its kind, allowing each country’s
investigators to gain better access to vital data to combat serious
crime in a way that is consistent with privacy and civil liberties
standards.
Under the Data Access Agreement, service providers in one country may
respond to qualifying, lawful orders for electronic data issued by the
other country, without fear of running afoul of restrictions on
cross-border disclosures. The Data Access Agreement fosters more timely
and efficient access to electronic data required in fast-moving
investigations through the use of orders covered by the Agreement. This
will greatly enhance the ability of the United States and the United
Kingdom to prevent, detect, investigate, and prosecute serious crime,
including terrorism, transnational organized crime, and child
exploitation, among others.
The Data Access Agreement sets out numerous requirements that must be
met for U.S. or UK authorities to invoke the Agreement. For example,
orders submitted by U.S. authorities must not target persons located in
the UK and must relate to a serious crime. Similarly, orders submitted
by UK authorities must not target U.S. persons or persons located in the
United States and must relate to a serious crime. U.S. and UK
authorities must also abide by agreed requirements, limitations and
conditions when obtaining and using data obtained under the Data Access
Agreement.
The United States and the United Kingdom have selected Designated
Authorities responsible for implementation of the Data Access Agreement
for each country. For the United States, the Designated Authority is the
Department of Justice’s Office of International Affairs (OIA), and for
the United Kingdom it is the Investigatory Powers Unit of the UK Home
Office.
Among its various functions as U.S. Designated Authority, OIA has
created a CLOUD team to review and certify orders that comply with the
Agreement on behalf of federal, state, local, and territorial
authorities located in the United States, transmit certified orders
directly to UK service providers, and arrange for the return of
responsive data to the requesting authorities.
For more information on the CLOUD Act, the Data Access Agreement and OIA, please visit: https://www.justice.gov/cloudact and https://www.justice.gov/criminal-oia.
