The United States Department of Justice (DOJ) published a white paper on the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), which was enacted in March 2018 and amends the Stored Communications Act (SCA). The white paper highlights that the CLOUD Act does not give U.S. law enforcement any new legal authority to acquire data. Instead, it confirms an established principle that communications service providers subject to U.S. jurisdiction may be required to produce data in their possession or control pursuant to lawful process, regardless of whether the data is stored in the U.S. or abroad. The white paper largely focuses on the CLOUD Act’s new concept of bilateral “executive agreements,” which would facilitate data production between the U.S. and other countries in a way that augments (but does not supplant) existing mechanisms for resolving conflict-of-law issues, such as Mutual Legal Assistance Treaties and principles of international comity. No such executive agreement has been executed to date. Notably, the white paper clarifies that the CLOUD Act is “encryption neutral,” and does create any new authority for law enforcement to compel service providers to decrypt communications.
April 15, 2019
DOJ offers guidance on the CLOUD Act
Related by Topic
The Federal Data Protection Regime You May Not Know Is Coming: DOJ’s Bulk Data Transfer Rules
April 1, 2025
Insight
California federal court enjoins the enforcement of California’s child privacy law
March 17, 2025
News Alert
California reaches $632,500 settlement with Honda to resolve privacy violations
March 12, 2025
News Alert