- The CLOUD Act obliges providers of electronic communications and remote computing services to disclose data to US law enforcement authorities.
- The obligation applies regardless of the physical storage location of the data, i.e. also for data outside the USA.
- The CLOUD Act is a legislative response to questions about the extraterritorial reach of the Stored Communications Act and is related to the Microsoft case before the Supreme Court.
On March 23, 2018, Donald Trump signed the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The Cloud Act clarifies what is meant by the Stored Communications Act (SCA) was unclear: Providers of electronic communications services and providers of remote computing services are explicitly required to provide data to law enforcement agencies of the USA to be transmitted, regardless of where the data is stored (i.e. even if they are not in the USA are located).
The CLOUD Act thus provides a legislative answer to the question of the extraterritorial reach of the SCA which is pending before the Supreme Court in the United States against Microsoft (No. 17 – 2) (our report on the Microsoft proceedings can be found at here). How the Supreme Court will react to the adoption of the law remains to be seen.