CLOUD Act, or the Clarifying Lawful Overseas Use of Data Act, is a United States federal law that was kicked off by a pending court case when Microsoft challenged a warrant to hand over data stored in Ireland. The CLOUD Act allows U.S. federal law enforcement to request data from U.S. based technology companies regardless of geographical location. Because the General Data Protection Regulation (GDPR) sets restrictions on international data transfer, a lot of myths circulate the CLOUD Act. We gathered you the facts about CLOUD Act in an infographic.
Currently, it is not possible to object the warrant but EU Commission has the mandate to negotiate a data transfer agreement, also known as Mutual Legal Assistance in Criminal Matters treaty (MLAT), between the EU and the United States. An EU-US MLAT would ensure timely access to e-evidence for both sides, and it would address the GDPR concerns.
Liisa Holopainen, Lawyer and cyberlaw expert in Nixu, was interviewed for this blog.
Would you like to stay up to date with the new cybersecurity trends? Subscribe to the Nixu newsletter.