The United States government has a powerful new tool to gain access to data stored overseas – the CLOUD Act, which was enacted this spring. If you are a company based overseas, particularly if you use a cloud service provider with a significant U.S. presence, it just got a lot easier for the U.S. government to get your data, and the data you hold for your customers.
Background to the CLOUD Act
Since 1986, U.S. law enforcement’s access to electronic data held by private third parties has been regulated by the Electronic Communications Privacy Act (ECPA,18 U.S.C. § 2510 et seq). That law was enacted, in part, to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer and stored electronic communications. These issues are addressed in Title II of ECPA, known as the Stored Communications Act (SCA). While ECPA and the SCA have been amended several times since 1986, their primary provisions have remained the same, meaning that much of American law relating to government access to electronic data held by third parties was in fact drafted several years before email was commonly used and the World Wide Web was even created. Continue Reading