For UK-based companies, the agreement also helps to reduce tensions between the CLOUD Act and the EU General Data Protection Regulation (GDPR). In July 2019, the European authorities ruled that the transfer of personal data from the EU to the United States could, in accordance with such an arrest warrant, violate the RGPD, without an international agreement establishing an enforceable law under the CLOUD that would not allow the transfer of personal data from the EU to the United States on the basis of such an arrest warrant. The opinion expressly reserved the position that a bilateral agreement under the ON CLOUD Act, as this agreement, would meet the RGPD`s cross-border transfer requirements, although Sgvo suggests it in the language of the opinion. It is clear that companies that submit documents must continue to adhere to all other principles of the RGPD, including data minimisation. The rest of the EU should await the outcome of negotiations between the US and the EU on a similar agreement, which began on 25 September 2019. The agreement allows British law enforcement agencies to access data from U.S. communications providers without verification from U.S. authorities, and the U.S. enjoys reciprocal rights. Despite this reciprocity, not all things are the same. In practice, under current legislation, the UK earns more than the US – faster access to data from major US communications providers that can be used in UK surveys. For the United States, there is no new procedure for finding data abroad that is transposed into legislation.
However, the United States now benefits from these agreements, as the burden of processing mutual legal assistance (“MLAT”) is reduced. In anticipation of ratification of the agreement, the countries of the National Council of the United States and the United Kingdom should familiarize themselves with the new regime and implement the necessary procedures and procedures to respond to the electronic data production mandates of foreign agencies within the relatively short time frame. While the CLOUD Act also clarified the ability of U.S. law enforcement agencies to require U.S. communications companies to store data stored outside U.S. territory (subject to the ability to challenge applications if arrest warrants violate data protection rights in the country where the data is stored) , it is truly obvious that their continued existence would have been without pressure from the British government. In particular, the agreement remains silent on the specific process in the United Kingdom (or the United States) that must be adopted domesticly and which leads to its implementation. Therefore, while the UNITED Kingdom has adopted The Overseas Production Orders 2019 (“COPOA”) – whose operation depends specifically on the existence of an agreement between the United Kingdom and the United States – the agreement does not only affect copoa treatment. To a large extent, it can be assumed that the agreement will be used to implement the requirements of the Investigatory Powers Act 2016 (IPA) and COPOA on the basis that certain processes under the IAP meet the requirements of the agreement, since they relate to a specific person or other identifier; are based on requirements of appropriate justification based on facts, specificity and legality that are articulable and credible; relate to the prevention and detection of serious offences (in the case of very similar definitions of the agreement and the PPI); and are issued subject to review by a court, judge, judge or other independent authority.