- DOJ publishes whitepaper on the US CLOUD Act with purpose, scope and FAQ on 29 questions.
- CLOUD Act allows US authorities to access data at US companies or their foreign subsidiaries without legal assistance proceedings.
- Providers can contest surrender; protection depends on the existence of a bilateral implementation agreement with the USA.
- In the absence of an implementation agreement, the court decides more freely on amending or revoking the order by means of a common-law comity analysis.
The U.S. Department of Justice DOJ has issued a Whitepaper on the US CLOUD Act published. The whitepaper discusses the purpose and scope of the US CLOUD Act and includes an FAQ on 29 common questions.
“CLOUD Act” stands for “Clarifying Lawful Overseas Use of Data Act.” The CLOUD Act came into force in the USA on March 23, 2018 and supplements the Stored Communications Act (SCA). At its core, the CLOUD Act allows U.S. authorities to access data held or under the custody or control of U.S. companies or foreign subsidiaries without seeking legal redress. The affected provider can defend itself against the handover, whereby it depends on whether the data is located in a country that has concluded a so-called “execution agreement” with the USA. If this is the case, the company can demand that the order be lifted if the user is not a U.S. citizen or resident and there is a substantial risk that the provider will violate foreign law by releasing the data. In the absence of a bilateral agreement between the state in question and the U.S., the provider concerned can also challenge the surrender order. In this case, the court conducts a so-called common-law comity analysis and decides more freely whether to modify or lift the order.