DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Landmark U.S.-UK Data Access Agreement Enters into Force

Posted on October 3, 2022 by Dissent

The Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime (“Data Access Agreement” or “Agreement”) entered into force today. The Agreement is authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a law enacted by Congress in 2018, and will be the first agreement of its kind, allowing each country’s investigators to gain better access to vital data to combat serious crime in a way that is consistent with privacy and civil liberties standards.

Under the Data Access Agreement, service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures. The Data Access Agreement fosters more timely and efficient access to electronic data required in fast-moving investigations through the use of orders covered by the Agreement. This will greatly enhance the ability of the United States and the United Kingdom to prevent, detect, investigate, and prosecute serious crime, including terrorism, transnational organized crime, and child exploitation, among others.

The Data Access Agreement sets out numerous requirements that must be met for U.S. or UK authorities to invoke the Agreement. For example, orders submitted by U.S. authorities must not target persons located in the UK and must relate to a serious crime. Similarly, orders submitted by UK authorities must not target U.S. persons or persons located in the United States and must relate to a serious crime. U.S. and UK authorities must also abide by agreed requirements, limitations and conditions when obtaining and using data obtained under the Data Access Agreement.

The United States and the United Kingdom have selected Designated Authorities responsible for implementation of the Data Access Agreement for each country. For the United States, the Designated Authority is the Department of Justice’s Office of International Affairs (OIA), and for the United Kingdom it is the Investigatory Powers Unit of the UK Home Office.

Among its various functions as U.S. Designated Authority, OIA has created a CLOUD team to review and certify orders that comply with the Agreement on behalf of federal, state, local, and territorial authorities located in the United States, transmit certified orders directly to UK service providers, and arrange for the return of responsive data to the requesting authorities.

For more information on the CLOUD Act, the Data Access Agreement and OIA, please visit: https://www.justice.gov/cloudact and https://www.justice.gov/criminal-oia.

Source: U.S. Department of Justice

Category: LegislationOf Note

Post navigation

← VT: Randolph-area school district disables its own website following transphobic hack
Why won’t they tell you that your data were leaked? Why doesn’t the government make them tell you? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.