A DoJ news release on 16th May contained remarks made by Deputy Assistant Attorney General Richard W. Downing at the 5th German-American Data Protection Day about the Clarifying Lawful Overseas Use of Data Act – or CLOUD Act. He set out to dispel some of the misunderstandings and to explain more precisely, what the CLOUD Act does and does not do and, to do so, contracts the CLOUD Act model with the status quo ante. He explained how authorises the US to enter into bilateral agreements to facilitate the ability of law enforcement partners overseas to get electronic evidence. He said that the bilateral agreements will require the foreign party adhering to certain baseline commitments to privacy and civil liberties, and partners must have adequate substantive and procedural laws on cybercrime and electronic evidence on the books. The CLOUD Act also amended an existing US law – the Stored Communications Act – to make explicit the long-held legal principle that a company operating within a country’s territory can be compelled to produce stored data within its possession, custody, or control, regardless of where it stores that data (after the Microsoft case). He goes on to say that nothing in the CLOUD Act’s clarification of US law expands US jurisdiction over foreign companies or any other entity; or expands the categories of providers subject to US jurisdiction; or alters who falls under the jurisdiction of US courts; it merely confirms the obligations of the providers that already do. He also said that nothing in the Act creates any new legal authorities under US law – it does not give law enforcement any new legal process to acquire data, nor does it reduce in any way the burden on a US investigator seeking a warrant and the approval of an independent judge.