An agreement between the U.S. and U.K. governments to allow law enforcement agencies access to data held by IT service providers across the Atlantic has come into force.
The pact allows law enforcement agencies in one country to request data directly from service providers in the other country, without violating restrictions on cross-border disclosures.
It relates only to data being sought in order to counter serious crime, and the agreement is authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which was enacted by Congress in 2018.
According to the Department of Justice, it is the first such agreement of its kind and will allow each country’s investigators to “gain better access to vital data to combat serious crime in a way that is consistent with privacy and civil liberties standards.”
Under terms of the pact, orders submitted by U.S. authorities must not target people located in the U.K. and must relate to a serious crime. Similarly, orders from U.K. authorities must not target people located in the U.S.
Both governments have selected designated authorities responsible for implementing the agreement for each country. In the U.S., the designated authority is the DOJ’s Office of International Affairs (OIA), and in the U.K., it is the Investigatory Powers Unit of the U.K. Home Office.
The DOJ’s Office of International Affairs has created a CLOUD team to review and certify orders that comply with the agreement on behalf of federal, state, local and territorial authorities in the U.S. It will transmit certified orders directly to U.K. service providers and arrange for the return of responsive data to request authorities.
DOJ added that the pact is intended to enhance the ability of both countries to prosecute serious crimes such as terrorism and child exploitation.