Data Sharing ‘Cloud Act’ Starts Between US, UK

acquisition handshake ©Drazen shutterstock

Data sharing agreement will allow both UK, US law enforcement to request data from each other’s Internet Service Providers

The United States and the United Kingdom have this week begun a landmark data sharing agreement, which they say will help law enforcement in both countries fight terrorism and trafficking.

Dubbed the ‘Cloud Act’, the agreement came into force on Monday and the US DoJ described it as the “first agreement of its kind, allowing each country’s investigators to gain better access to vital data to combat serious crime in a way that is consistent with privacy and civil liberties standards.”

Under the Data Access Agreement, “service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country,” without “running afoul of restrictions on cross-border disclosures.”


Cloud Act

Both sides are touting the Data Access Agreement as a more timely and efficient access to required electronic data in fast-moving investigations.

They claim this will greatly enhance the ability of the United States and the United Kingdom to “prevent, detect, investigate, and prosecute serious crime, including terrorism, transnational organised crime, and child exploitation, among others.”

Both sides say the Data Access Agreement sets out numerous requirements that must be met for US or UK authorities to invoke the Agreement.

For example, orders submitted by US authorities must not target persons located in the UK and must relate to a serious crime.

Similarly, orders submitted by UK authorities must not target US persons or persons located in the United States and must relate to a serious crime.

British and American authorities must also abide by agreed requirements, limitations and conditions when obtaining and using data obtained under the Data Access Agreement.

Agreement oversight

The United States and the United Kingdom also have selected Designated Authorities responsible for implementation of the Data Access Agreement for each country.

For the United States, the Designated Authority is the Department of Justice’s Office of International Affairs (OIA), and for the United Kingdom it is the Investigatory Powers Unit of the UK Home Office.

The US meanwhile is looking to forge similar agreements with other countries.

It has reportedly signed a deal with Australia and entered negotiations with Canada.