The report specifically focuses on language in the CLOUD Act that allows U.S. law enforcement agencies, under certain circumstances, to lawfully demand data stored in foreign countries from entities subject to U.S. jurisdiction. The report addresses concerns that this language in the CLOUD Act gives the U.S. government new powers to surveil and monitor the data of non-U.S. citizens or businesses using a cloud services provider with operations in the United States. The report concludes that such fears are overstated.
Other highlights of the report include:
- An explanation of how the CLOUD Act seeks to restore the legal consensus that U.S. law enforcement agencies can reach data stored extraterritorially from a U.S. entity that had “possession, custody, or control” over the data.
- A discussion of the meaningful limitations on U.S. law enforcement that the CLOUD Act leaves in place.
- A comparative analysis of the European Union’s approach to cross-border data requests from law enforcement, which is largely consistent with the CLOUD Act.
- An examination of whether the CLOUD Act violates international law or the GDPR.
Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura.
To download the full report, click here.