Everything You Need to Know About the CLOUD Act
While you were reeling from the Facebook and Cambridge Analytica scandal, the U.S. government quietly passed a piece of legislation that has far bigger implications for your data.
The law is called the Clarifying Overseas Use of Data (CLOUD) Act. It’s basically an update to the Electronic Communications Privacy Act (ECPA), a series of laws that regulate how U.S. law enforcement officials can access data stored overseas. Congress passed those laws in 1986, and both the U.S. government and major tech companies believe they are ill-equipped to handle today’s electronic communications.
Up until last week, the U.S. could only access data stored overseas through mutual legal-assistance treaties (MLATs). With a MLAT, two or more nations put in writing exactly how they are willing to help each other with legal investigations. The Senate votes on each MLAT, and it must receive a two-thirds approval to pass.
The CLOUD Act gives the U.S. an alternative to MLATs.
Through the CLOUD Act, U.S. law enforcement officials at any level, from local police to federal agents, can force tech companies to turn over user data regardless of where the company stores the data.
The CLOUD Act also gives the executive branch the ability to enter into “executive agreements” with foreign nations, which could allow each nation to get its hands on user data stored in the other country, no matter the hosting nation’s privacy laws. These agreements don’t require congressional approval.