Frequently Asked Questions (FAQs) about the U.S. Cloud Act

Cross Boarder Data Forum (CBDF), 2019

13 Pages Posted: 24 Oct 2019

See all articles by Peter Swire

Peter Swire

Georgia Institute of Technology - Scheller College of Business; Georgia Tech School of Cybersecurity and Privacy; Cross-Border Data Forum

Jennifer C. Daskal

American University - Washington College of Law

Date Written: January 14, 2019

Abstract

In March, 2018 the U.S. Congress passed the Clarifying Lawful Overseas Use of Data Act (“CLOUD”) Act. This set of 29 FAQs provides a detailed explanation of the law, which has attracted scrutiny both within and outside of the United States.

The CLOUD Act contains two key parts. One part responds to foreign governments’ concerns about U.S. laws that restrict foreign law enforcement’s access to communications content held by U.S. service providers—restrictions that apply even when foreign governments are seeking to access data regarding their own nationals in the investigation of local crime. This part of the CLOUD Act authorizes the creation of bilateral executive agreements that would lift those restrictions and thereby enable foreign governments to access communications content directly from U.S.-based service providers, subject to a set of conditions. In October 2019, the United States and United Kingdom announced the first such agreement.

The second part of the CLOUD Act was enacted in response to the Microsoft Ireland case, in which the U.S. Court of Appeals for the Second Circuit ruled that warrants issued under the Stored Communication Act only reached data held within the territorial borders of the United States. The case was appealed to and argued before the U.S. Supreme Court. But before the Supreme Court announced a decision, Congress passed the CLOUD Act, mooting the case, and making clear that the location of data storage does not determine law enforcement access. Pursuant to the CLOUD ACT, a provider with “possession, custody, or control” of sought-after data can, pursuant to lawful process, be required to disclose that data “regardless of whether such communication, record, or other information is located within or outside of the United States.”

These FAQs respond to a range of questions posed about the CLOUD Act and include relevant references, including to the authors’ previous writings on relevant topics.

Keywords: CLOUD Act

Suggested Citation

Swire, Peter and Daskal, Jennifer C., Frequently Asked Questions (FAQs) about the U.S. Cloud Act (January 14, 2019). Cross Boarder Data Forum (CBDF), 2019, Available at SSRN: https://ssrn.com/abstract=3469829

Peter Swire (Contact Author)

Georgia Institute of Technology - Scheller College of Business ( email )

800 West Peachtree St.
Atlanta, GA 30308
United States
(404) 894-2000 (Phone)

Georgia Tech School of Cybersecurity and Privacy ( email )

Atlanta, GA 30332
United States

Cross-Border Data Forum

Jennifer C. Daskal

American University - Washington College of Law ( email )

4300 Nebraska Avenue, NW
Washington, DC 20016
United States
202- (Phone)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
243
Abstract Views
1,109
Rank
259,012
PlumX Metrics