The Agreement between the Government of the United States and Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Combating Serious Crime (Data Access Agreement) entered into force this week.
The Agreement is authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a law enacted by Congress in 2018, and will be the first agreement of its kind, allowing investigators in each country to gain greater access to vital data to fight serious crimes in a manner that is consistent with privacy and civil liberties standards.
Under the agreement, service providers in one country can respond to legitimate and permissible requests for electronic data issued by the other country without fear of violating restrictions on cross-border disclosures.
The Ministry of Justice claims that the Data Access Agreement (DAA) will facilitate the prevention, detection, investigation and prosecution of serious crimes, such as terrorism, transnational organized crime and child exploitation.
The U.K. Home Office describes the DAA in a similar way and says it will help the U.K. in particular because a lot of online data is held by companies operating in the U.S., where it was not easily accessible.
The DAA sets out many requirements that must be met in order for U.S. or U.K. authorities to invoke the agreement.
For example, orders submitted by U.S. authorities must not be directed at persons in the U.K. and must be related to a serious crime. Similarly, orders submitted by U.K. authorities must not be directed at U.S. persons or persons in the U.S. and must be related to a serious crime.
The United States and the United Kingdom have selected designated authorities responsible for implementing the data access agreement for each country. For the U.S., the designated authority is the Office of International Affairs (OIA) in the Department of Justice, and for the U.K., it is the Investigatory Powers Unit of the U.K. Home Office.
However, enthusiasm for the DAA is not entirely shared by academics and advocates.
Tim Cochrane, a doctoral candidate in law at the University of Cambridge, UK, states in an article entitled « Digital Privacy Rights and the CLOUD Act »:
« The rights-enhancing goals of the Cloud Act agreements are to be welcomed, » he concludes. « However, much more needs to be done to make these goals a reality. The current gaps in protection under the U.S.-U.K. agreement threaten to undermine the rights of [third country individuals], which is to say, most people around the world. »