State Department Seeks Comment on UK Privacy Protections for CLOUD Act Certification
September 9, 2019
The State Department is seeking comment on certification of the UK for a CLOUD Act agreement. The CLOUD Act permits the U.S. to enter into "executive agreements" that allow foreign authorities to order production of communications content stored in the U.S. without obtaining a warrant. To form an agreement, the Attorney General must certify to Congress that the country's domestic law "affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection and activities of the foreign government." The State Department is required to take into account expert input for the certification and is seeking comments on the rule of law in the UK, protection of human rights, and other factors listed for consideration in the CLOUD Act Section 105(b)(1)(B)(i-vi). Comments must be submitted via email to IFBHR@state.gov by Friday, September 13th. Earlier this year, EPIC International Counsel Eleni Kyriakides argued in the European Data Protection Law Review that the CLOUD Act fails to include key human rights protections, such as notice, judicial authorization, and transparency.