The CLOUD Act
(Clarifying Lawful Overseas Use of Data Act
) contains a new legal framework for government access to emails and other data stored abroad.
The legislation aims at establishing procedures to protect public safety and to combat serious criminal offenses in order to enable domestic authorities taking access to data even if stored on servers abroad.
To this end, the CLOUD Act provides for the conclusion of bilateral executive agreements with other qualifying foreign governments for cooperation in the event of requests for data access. Such an agreement with a government would then not only allow U.S. authorities, within the agreed framework, to access data stored abroad with the involvement of local authorities, but, conversely, also the authorities of that state to access data in the USA. Court orders will not be required.
The authorities of a state should be allowed to address their requests directly to the company abroad that controls the respective server. Governments that enter into an agreement with the USA on the basis of the CLOUD Act must therefore legally obligate domestic companies to disclose data.
As far as the EU is concerned, the European Commission is currently preparing a legislative proposal for cross-border “access to electronic evidence.” An initial draft is to be presented on April 17, 2018.