On 10th April, the DoJ announced the publication of a White Paper on the Clarifying Lawful Overseas Use of Data Act (aka the CLOUD Act).  The CLOUD Act was enacted in March 2018 and updates the legal framework for how law enforcement authorities may request electronic evidence needed to protect public safety from service providers while respecting privacy interests and foreign sovereignty.  The CLOUD Act has 2 elements –

  • the Act authorises the US to enter into bilateral agreements to facilitate the ability of trusted foreign partners to get the electronic evidence they need to combat serious crimes; and
  • the Act makes explicit in US law the established principle – longstanding in both the US and in many foreign countries – that a company subject to US jurisdiction can be required to produce data within its custody and control, regardless of where it chooses to store that data at any point in time. In doing so, it reverts the legal situation in the US to that prior to the Supreme Court Microsoft decision of 2016.

The White Paper describes the interests and concerns that prompted the enactment of the CLOUD Act and provides a concise point-by-point distillation of the effect, scope, and implications of the Act, as well as answers to FAQ.

The White paper itself is available at –

The DoJ also has a dedicated CLOUD Act resources page –

Author: raytodd2017

Chartered Legal Executive and former senior manager with Isle of Man Customs and Excise, where I was (amongst other things) Sanctions Officer (for UN/EU sanctions), Export Licensing Officer and Manager of the Legal-Library & Collectorate Support Section

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s