On 10th April, the DoJ announced the publication of a White Paper on the Clarifying Lawful Overseas Use of Data Act (aka the CLOUD Act). The CLOUD Act was enacted in March 2018 and updates the legal framework for how law enforcement authorities may request electronic evidence needed to protect public safety from service providers while respecting privacy interests and foreign sovereignty. The CLOUD Act has 2 elements –
- the Act authorises the US to enter into bilateral agreements to facilitate the ability of trusted foreign partners to get the electronic evidence they need to combat serious crimes; and
- the Act makes explicit in US law the established principle – longstanding in both the US and in many foreign countries – that a company subject to US jurisdiction can be required to produce data within its custody and control, regardless of where it chooses to store that data at any point in time. In doing so, it reverts the legal situation in the US to that prior to the Supreme Court Microsoft decision of 2016.
The White Paper describes the interests and concerns that prompted the enactment of the CLOUD Act and provides a concise point-by-point distillation of the effect, scope, and implications of the Act, as well as answers to FAQ.
The White paper itself is available at –
The DoJ also has a dedicated CLOUD Act resources page –