Receive our daily newsletter

Cross-Border Agreement Allows U.S. and UK Law Enforcement Expedited Access to Tech Company Data

Commentary by Joseph Moreno and Steven Lofchie

U.S. Attorney General William P. Barr and UK Home Secretary Priti Patel entered into a cross-border agreement that "will dramatically speed up investigations by removing legal barriers to timely and effective collection of electronic evidence." The U.S.-UK Bilateral Data Access Agreement permits each law enforcement agency the ability to obtain electronic data from communications service providers ("CSPs") for investigations of specified serious crimes.

The two countries reportedly agreed to (i) facilitate the sharing of information relating to a broad class of investigations, including terrorism, organized crime, child sexual abuse, and cybercrimes, (ii) not specifically target individuals of the other country, and (iii) show proof to CSPs that disclosures demanded under the agreement are consistent with applicable data protection laws. Under the agreement, the U.S. and UK will obtain permission from the other before using any data obtained in a criminal prosecution. Previously, law enforcement agencies were required to utilize Mutual Legal Assistance Treaties ("MLATs") to seek the assistance of foreign counterparts to obtain such information-a process that could take up to two years.

The 2018 Clarifying Lawful Overseas Use of Data ("CLOUD") Act authorized the United States to enter into agreements with other countries to obtain access to electronic information related to individuals or entities located overseas.

The agreement will go into effect only after review and approval by Congress and the UK Parliament.

Commentary's picture
Joseph Moreno

A long time in coming, this U.S.-UK CLOUD Act Agreement is the culmination of negotiations between the two countries that predated enactment of the CLOUD Act itself. It is a recognition that the existing MLAT system is a slow and cumbersome tool and just not up to the task of quickly obtaining data in a constantly changing digital world. Despite early reports, the agreement does not require decryption of data held by CSPs such as WhatsApp, and it remains limited to the most serious matters and cannot be utilized for routine criminal investigations. But the ability to directly serve a UK Court order on a U.S. CSP (or vice versa) should be a powerful tool for criminal investigators working on high-stakes matters when time is of the essence.

Premium Content

Available only to Cabinet Premium subscribers.



Cybersecurity, Regulatory Co-operation
Regulated Entities: 
Affected Jurisdiction: