TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP Publications Editor, March 16, 2018 Related reading: A view from DC: Is your privacy notice stuck in the ’90s?



Greetings from Portsmouth, NH!

One of the hot privacy topics in the U.S. this week has been the fate of the Clarifying Lawful Overseas Use of Data Act, better known as the CLOUD Act. This pending legislation, which deals with cross-border data transfers in law enforcement cases, is drawing both strong support and opposition.

Tech companies have been asking Congress to revamp government data access requests for years now. Microsoft's Brad Smith testified in Feb. 2016 that increased data access requests were bumping up against outdated U.S. law and that it was high time Congress should act. Of course, Microsoft is in the middle of a long-running legal case involving a Department of Justice request for a suspect's emails stored on a server in Ireland. The case has made its way up to the Supreme Court and a decision is expected in June. 

Last month, several of the world's biggest tech companies — including Apple, Facebook, Google, Microsoft, and Oath — sent a letter to the bipartisan group of senators who sponsored the CLOUD Act, saying the bill "reflects a growing consensus in favor of protecting Internet users around the world and provides a logical solution for governing cross-border access to data. ... Importantly, the legislation would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement." 

But not everyone agrees the CLOUD Act is good for privacy or human rights. Writing up its own letter expressing concerns, a coalition of privacy, civil liberties and human rights organizations — including the American Civil Liberties Union, the Center for Democracy & Technology, and Human Rights Watch — argues the bill "undermines privacy and other human rights, as well as important democratic safeguards." 

Mutual Legal Assistance Treaties represent one major issue. Under current law, governments use MLATs to seek data that is stored in the U.S., which requires a warrant from a federal judge. The CLOUD Act would bypass these MLATs, which tech companies and law enforcement have argued are slow and cumbersome. The coalition is also concerned the bill would give the executive branch too much power in determining agreements with foreign law enforcement officials. The Electronic Freedom Foundation has gone as far as arguing that the bill, like Section 702 of FISA, would amount to a "backdoor around the Fourth Amendment." 

On Thursday, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., released a joint statement opposing the CLOUD Act in its present form and asked the Senate Appropriations Committee to remove it from the must-pass spending bill. "While the MLAT process has its faults," they write, "the CLOUD Act places far too much power in the President's hands and denies Congress its critical oversight role." If the president entered into an agreement with a foreign government, Congress would only have 90 days to pass a disapproval resolution overturning such an agreement. Wyden and Paul also argue that the bill was only introduced five weeks ago and that the legislature should have more time to debate the nuances of the proposal. 

In a post for Lawfare, however, Peter Swire and Jennifer Daskal expressed support for the CLOUD Act, countering arguments from the privacy and civil liberties coalition that it would hurt privacy and human rights. Interestingly, they argue that not having an updated law like the CLOUD Act will ultimately prompt other governments to pass data localization laws, which, in turn, would hurt privacy and human rights in repressive nations. They also point out that the DoJ may well win its case against Microsoft, and "if congressional dawdling allows the Supreme Court to rule against Microsoft before the bill is passed, bargaining power will shift to the Justice Department and against those supporting strong privacy protections." Though the bill is imperfect, they write, "Let not the perfect be the enemy of the good." 

A lot rides on this proposed bill. Will Congress act? 


If you want to comment on this post, you need to login.