The agreement allows law enforcement authorities, when they have a court injunction from their home country, to request electronic data by focusing directly on “covered providers” established in the other country, instead of requesting data on the other country`s government process. The supplier covered by the agreement is any private body which offers the public the possibility of communicating, processing or storing computer data through a computer system or telecommunications system, or any private body that processes or stores data on behalf of such a body. If approved, it will largely replace the Mutual Legal Assistance Contract (MLAT) process currently used by the US and UK to request electronic data from technology companies based in the other country, which can take years. The new process under the agreement is expected to take weeks or even days. The agreement also provides for several additional monitoring mechanisms. First, any injunction must be issued by a “designated party” – the Attorney General in the US and the Home Secretary in the UK – who must verify any injunction to ensure that the agreement is in conformity with the agreement and sign a written attestation that the order is lawful. Second, the agreement requires that the government of each country have a designated interlocutor to provide legal and practical advice to service providers responding to orders. After receiving an order, these suppliers have the right to formally oppose the issuing party and then their government of origin. If the original administration of the supplier chooses this, it can block an order at its discretion. Otherwise, the supplier could only continue to challenge the injunction in accordance with other domestic law mechanisms, since the agreement itself does not create or erase legal rights under the national law of each country. In addition, the CLOUD Act itself contains comity provisions that allow a provider to apply to set aside legal proceedings if it believes that an injunction would be contrary to the law of a foreign government. With regard to this requirement, the agreement recognizes in its preamble that “the respective legal frameworks of both parties for access to electronic data contain adequate and essential safeguards for the protection of privacy and civil liberties”.
The Agreement also provides, in Article 3, 3, that the national law of each Party adequately protects privacy and civil liberties and obliges each Party to inform the other Party of any changes in national law affecting that provision. . . .