CLOUD Act, Schrems II, and data transfers: Which one does not belong?

As the Schrems II decision focuses on transfers of data, the US CLOUD Act does not significantly enter into the mix. By David Kessler and Sue Ross of Norton Rose Fulbright LLP.

There seems to be a lot of confusion about the nature and scope of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) (HR 4943, PL 115-141, enacted 23 March 2018), and its relationship — of lack thereof — to the transfer of personal data from the EU under the Schrems II decision.

The US CLOUD Act modifies the Stored Communications Act (SCA), which is not directly applicable to most US companies. The CLOUD Act only applies to electronic communications (such as stored email) and prevents access by the US government as well as by individuals. The CLOUD Act is also focused on the US government obtaining a warrant or similar court order in criminal matters.

Continue reading

International Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.