The US House of Representatives has approved the Clarifying Lawful Overseas Use of Data (CLOUD) Act, tacked on to a spending bill at the last minute, despite the concerns of privacy campaigners.
Signed into law by US President Donald Trump late Friday, the Clarifying Lawful Overseas Use of Data Act is designed to extend and improve the US government's access to data held in foreign nations and vice-versa - in particular in cloud computing environments, as per the act's rather awkward backronym CLOUD. Its critics, including the Electronic Frontier Foundation, warn that it provides governments around the world with a range of new privacy-sapping powers including: the ability for the US police to obtain access to data regardless of whether it is stored by, used by, or owned by a US citizen or corporation; allowing foreign police and governments to demand personal data stored in the US without a warrant or judge's oversight; and allowing the US president to enter into so-called 'executive agreements' which allow police in foreign nations to seize US-held personal data without agreeing to follow stronger US privacy regulations.
In short, privacy activists are calling the Act a disaster - and warn that it has been entered into law without debate, review, a hearing, or an independent vote, having been tacked onto the end of a 2,232 page and entirely unrelated government spending bill.'Make no mistake - you spoke up. You emailed your representatives. You told them to protect privacy and to reject the CLOUD Act, including any efforts to attach it to must-pass spending bills. You did your part. It is Congressional leadership - negotiating behind closed doors - who failed,' writes the EFF's David Ruiz in the organisation's update on the passing of the Act. 'Because of this failure, U.S. and foreign police will have new mechanisms to seize data across the globe. Because of this failure, your private emails, your online chats, your Facebook, Google, Flickr photos, your Snapchat videos, your private lives online, your moments shared digitally between only those you trust, will be open to foreign law enforcement without a warrant and with few restrictions on using and sharing your information. Because of this failure, US laws will be bypassed on US soil.'
Those who support the bill, including cloud computing giants Apple, Facebook, Google, Oath (formerly AOL), and Microsoft, claim that it represents an improvement over the regulation which proceeded it. An open letter sent in February (PDF warning) explains how the Act 'would create a concrete path for the US government to enter into modern bilateral agreements with other nations that better protect customers, and 'would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement' - an assertion the EFF and others argue against, thanks to the power of executive agreements.
For the UK, however, the passing of the CLOUD Act brings little change: One of the main criticisms against it is that it closely echoes a separate data-sharing agreement between the US and the UK which was already under fire by privacy campaigners.
November 6 2020 | 17:30