The Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Fighting Serious Crime (“Data Access Agreement” or the “Agreement”) entered into force today. The agreement is authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a law passed by Congress in 2018, and will be the first of its kind to allow each country’s investigators to better access vital data to combat serious crime in a manner consistent with standards of privacy and civil liberties.
Under the data access agreement, service providers in one country can respond to qualified, lawful orders for electronic data issued by the other country without fear of conflicting with restrictions on cross-border disclosures. The Data Access Agreement promotes more timely and efficient access to electronic data required in expedited investigations through the use of orders covered by the agreement. This will greatly improve the ability of the US and the UK to prevent, detect, investigate and prosecute serious crime, including terrorism, transnational organized crime and child exploitation, among others.
The Data Access Agreement sets out several requirements that must be met for US or UK authorities to invoke the agreement. For example, orders issued by US authorities must not target people located in the UK and must relate to a serious crime. Similarly, orders issued by UK authorities must not target US persons or persons located in the US and must relate to a serious crime. US and UK authorities must also comply with agreed requirements, limitations and conditions when obtaining and using data obtained under the Data Access Agreement.
The United States and the United Kingdom have selected designated authorities responsible for the implementation of the data access agreement for each country. For the United States, the designated authority is the Office of International Affairs (OIA) of the Ministry of Justice, and for the United Kingdom it is the Investigatory Powers Unit of the UK Home Office.
Among its various functions as the U.S. Designated Authority, the OIA has established a CLOUD team to review and certify compliance orders on behalf of US federal, state, local and territorial authorities, send certified orders directly to UK service providers and arrange for the return of responsive data to the requesting authorities.
Please visit: https://www.justice.gov/cloudact and https://www.justice.gov/criminal-oia for more information on the CLOUD Act, the Data Access Agreement and the OIA.
