In the flurry of deal-making that resulted in a 2,232-page funding bill released Wednesday, lawmakers negotiated the inclusion of “The Clarifying Lawful Overseas Use of Data Act” (often referred to as the “CLOUD Act”) (see page 2,201 of the bill text).  The CLOUD Act provides a procedural structure for law enforcement to pursue the preservation or production of data and other information residing on servers located overseas that is within the possession, custody or control of the provider.

In this age of cloud computing, data can rest overseas or in multiple locations. As we’ve previously discussed, it is increasingly common to see extraterritorial legal disputes arise when parties attempt to apply laws passed before the digital age to our current landscape.

In some cases, a provider that is storing the data of a foreign subject on servers overseas may be under conflicting legal obligations (e.g., the U.S. Government or a foreign law enforcement agency may request disclosure of electronic communications or emails stored in the cloud, but disclosure of such electronic data without certain due process may be prohibited by foreign law).  While international agreements, such as mutual legal assistance treaties (MLATs) may provide a mechanism for the U.S. to obtain information overseas with certain nations, law enforcement agencies have bemoaned that such procedures can be burdensome in a time-sensitive investigation.  In balancing the interests of law enforcement with those of the providers, the CLOUD Act offers a mechanism for providers to bring a motion to quash requests for disclosure of a foreign individual’s communications, requiring a court to conduct a comity analysis to determine if based on the totality of the circumstances, the request would place the technology provider in violation of foreign law and the interests of justice dictates that the legal request for data should be modified or quashed.  The language of the bill also provides a framework for negotiating reciprocal treaties to request foreign-stored digital data.

If the CLOUD Act is passed, as appears to be imminent, one immediate question will be the impact (if any) on a case currently before the Supreme Court that concerns whether a U.S. provider of email services must comply with a probable cause-based warrant issued under the Stored Communications Act by disclosing electronic communications within its control, even if the data at issue was stored abroad. During oral argument, at least one justice noted that perhaps the most ideal solution to this thorny issue is a bipartisan legislative solution.

While the CLOUD Act has its supporters and detractors, it appears Congress attempted to create a solution that tries to balance the needs of law enforcement and the legal interests of technology providers (and the privacy interests of their users).  Moreover, as U.S. cloud computing providers operate around the world, the bill also assuages their concerns that a lack of legal protections over disclosure of user data to law enforcement might alienate foreign customers.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise…

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.