The Justice Ministry did not publish the text of the agreement, but considered it “an extended lifting of restrictions on a wide class of investigations that are not aimed at residents of the other country and the certainty that disclosures by the agreement are compatible with data protection legislation.” The ministry`s statement said the two countries “have committed to obtaining each other`s permission before using the data obtained by the agreement for repressive actions related to the essential interest of one party – in particular the US prosecution of the death penalty and the British cases concerning freedom of expression.” Despite this progress in lawsuits between the two countries, the agreement does not change anything about how companies can use encryption or prevent data encryption. Law enforcement often has to deal with a patchwork of different procedures that depend on where the data of investigation interest landed (sometimes arbitrarily). This increasingly slows down investigations and creates barriers in the event of a conflict between the laws of two (or more) jurisdictions.2 The covered data that a communication provider can provide is varied and includes not only the content of communications, but also traffic or metadata data related to the communication or data storage. An order may also ask for credentials about the account holder, including names, addresses, and payment methods.10 While the scene is ready, the operation of the agreement looks like a play that still needs to be written on the last and perhaps even the second act. There will clearly be an element of learning by doing. In any case, the operation of the agreement will attract the attention, most likely from data protection advocates and, above all, because it does so on the threshold of broader data protection and adequacy considerations regarding the relationship between the US, the EU and the UK, which were so clearly highlighted in the recent ECJ decision in Schrems II. The agreement does not create additional powers for US or UK law enforcement authorities to obtain data, but facilitates the use of existing powers. Therefore, any request for data must be made in accordance with the legislation of the requesting country and must be subject to independent supervision or control by a designated authority. These national laws apply an additional level of safeguards to this process. The Department of Justice announced yesterday that the United States and the United Kingdom have entered into the first of the international executive agreements authorized under the Data Use Act (CLOUD) that allows for a faster and more direct exchange of electronic communications stored in many types of criminal and national security investigations.1 Within seven days of the certification of an executive agreement. The Attorney General must submit the agreement to the Judiciary Committees of the Senate and House of Representatives, the Senate Foreign Relations Committee and the Foreign Affairs Committee of the House of Representatives. The agreement will come into effect 180 days later, unless Congress passes a joint resolution of disapproval, in accordance with the procedures set out in the CLOUD Act. .
- No categories