After four years of secrecy negotiations, the United Kingdom and the United States finally published on 7 October 2019 the text of their data exchange agreement, which aims to facilitate cross-border access to electronic data for the purpose of combating serious crime. This long-awaited agreement is the first of the executive agreements provided for in the CLOUD Act. As I rightly said, “it is essential to offer not only a window into the approach of the United States and Britain, but also probably a fundamental plan for other agreements that may follow.” Indeed, the United States and the European Union have recently begun negotiations to conclude an agreement in this area, while the United States and Australia have also announced that they have started similar negotiations. We expect a copy of the agreement to be published in the near future, following notification by Congress and Parliament. The filing contained confirmation from the Attorney General that the United Kingdom met the requirements of 18 U.S.C§ 2523(b) for a qualified foreign government. In accordance with Article 2523 (d) (2), the agreement will enter into force on 8 July 2020, unless the Congress adopts a joint resolution of disapproval before that date. Nathan Swire`s Lawfare Blog Article « Applying the CLOUD Act to the U.S.-U.K. Bilateral Data Access Agreement” describes the requirements of an executive agreement under the CLOUD Act as well as congressional oversight function for those agreements. With regard to this requirement, the agreement recognizes in its preamble that “the respective legal frameworks of both parties for access to electronic data contain adequate and essential safeguards for the protection of privacy and civil liberties”.
The Agreement also stipulates, in Article 3, 3, that the national law of each Party adequately protects privacy and civil liberties and commits each Party to inform the other Party of any change in national law affecting that provision. Article 9(1) to (2) also states that the processing of data under contracts covered by the Agreement is fully compatible with the respective data protection laws of each Party and with the international treaties to which they are subject. Part of the purpose of these agreements is to allow partner countries to conduct investigations within U.S. borders and remove barriers to U.S. law enforcement abroad. Such harmonisation of efforts is also underway in Europe: the European Commission announced in February that it would start negotiating an EU-wide system for cross-border access to electronic evidence, which it calls the “e-evidence” framework. The United States announced the launch of a similar negotiation process with the European Union in September and with Australia in October. Since the cross-border exchange of data is on the agenda both in the US and within the EU, the US and the UK are on the agenda.
The agreements can therefore serve as an early model for such agreements and a model for the united States` priority areas in its negotiations. This globalization of criminal evidence poses considerable challenges to prosecutions. Traditional cross-border mechanisms, such as mutual legal assistance contracts, are widely considered too slow and cumbersome. The explanatory memorandum to the agreement between the United Kingdom and the United States states that `the total duration of the process [of an application for MLAT transmitted by the United Kingdom to the United States] is generally one year, but may be several years`. . . .