The new law obligates Internet companies in the USA to grant American authorities access to the data of their users even if the data are not stored in the USA. The CLOUD Act thus circumvents international legal assistance.
At the same time, the CLOUD Act also provides the possibility for foreign authorities to obtain access to user data stored in the USA.
Interested countries can sign bilateral agreements with the USA for this purpose.
The background for the new law, among other things, is Microsoft’s refusal to give US authorities access to user data stored in Ireland. The case United States vs. Microsoft Corp. has been brought before the US Supreme Court. It remains to be seen how the Supreme Court will deal with the fact that the new law explicitly allows something whose legitimacy has yet to be decided in court.
Author: Prof. Dr. Thomas Hoeren
Institute for Information, Telecommunication and Media Law, University of Münster
Link reference: https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-expansion-police-snooping-cross-border-data