On March 23, 2018, President Trump passed the Clarifying Lawful Overseas Use of Data Act, better known as the “Cloud Act”. The Act provides a streamlined framework for law enforcement to seek assistance from data hosting providers while pursuing criminal investigations.
The Cloud Act amends the existing Electronic Communications Privacy Act of 1986 to compel technology companies to preserve, back up or disclose the contents of a wire or electronic communication and any other record or communication pertaining to a customer or subscriber, regardless of whether that information is stored within, or outside of, the US, upon the request of law enforcement.
The Cloud Act also enables the US Department of Justice, and other governmental agencies, to enter into reciprocal agreements with certain foreign governments to enable such governments to demand data from US providers without the need to involve US courts or the US Justice Department.
Prior to the passage of the Cloud Act, US law enforcement had to rely upon Mutual Legal Assistance Treaties with foreign countries to request data access, a system which was largely deemed slow and ineffective.
The Act provides a process to appeal requests that may create conflict with the laws of foreign government. Service providers have 14 days after receipt of a data access request to file a motion to modify or quash the legal proceeding if compliance creates a material risk that the provider would violate the laws of the qualifying foreign government and compliance would not be in “the interests of justice”.
Summary By: Jennifer Davidson