Earlier this month, the U.S. Department of Justice (“DOJ”) published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act” (“White Paper”). The Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) was enacted in March 2018 by the U.S. government to aid foreign and U.S. investigators in obtaining access to electronic information related to serious crimes and held by service providers. The CLOUD Act authorizes the U.S. to enter into bilateral agreements with foreign countries that abide by a baseline standard for rule-of-law, privacy and civil liberties protections to streamline processes for obtaining electronic evidence. The CLOUD Act also codifies the principle that a company subject to U.S. jurisdiction “can be required to produce data the company controls, regardless of where it is stored at any point in time.”
The White Paper was compiled with the input of attorneys from the DOJ’s Criminal Division and the National Security Division. The paper outlines challenges that investigators face in cross-border data requests and discusses the purpose and scope of the CLOUD Act in addressing them. The paper concludes with a list of resources for more information and a set of 29 questions and answers addressing common inquiries and misconceptions regarding the CLOUD Act.