The Cloud Act: what you need to know
The Cloud Act is an update to the Electronic Communications Privacy Act (ECPA), is a set of laws that help regulate how the U.S enforcement officials can access data stored overseas. The law was passed by Congress in 1986 and both the U.S government and major tech companies believe that they are ill-equipped to handles today's electronic communications.
The Cloud Act has two major components. With the first empowering the U.S. law enforcement to access stored data anywhere in the world, without following the many foreign data privacy laws. Secondly, it entitles the president to one-sidedly enter executive agreements with any nation. Under such agreements, foreign law enforcement officials could access stored data in the U.S. directly from U.S. organisations without following U.S. privacy rules like in the fourth amendment.
The cloud act has serious implications for EU organisations using public cloud services. As the EU’s GDPR places individuals privacy rights ahead of law enforcement to protect the data of EU citizens. However, organisations had to follow both The Cloud Act and the GDPR may find conflicting obligations.
U.S. organisations that store data elsewhere other than its own systems or do business with the EU must understand their obligations under both regulations in order to meet their compliance requirements.