The Executive Agreement Cloud Act: What You Need to Know

The Executive Agreement Cloud Act was signed into law in March 2018, and it has been the subject of much debate ever since. The law allows US law enforcement agencies to access data stored on servers outside of the country, and has sparked concerns about privacy and data protection. In this article, we’ll take a closer look at what the law entails, who it affects, and what it means for businesses operating in the cloud.

What is the Executive Agreement Cloud Act?

The Executive Agreement Cloud Act (EACA) is a law that allows US law enforcement to compel technology companies to hand over data stored on servers outside of the US. This data may be accessed even if it is not related to a US citizen or resident, and could be stored in a country that has stronger data protection laws than the US.

The EACA was passed as a response to a case involving Microsoft, which had refused to hand over data stored on servers in Ireland to US law enforcement. The case went all the way to the Supreme Court, where it was eventually ruled that Microsoft did not have to hand over the data. The EACA was passed in order to clarify the law in this area, and to ensure that US law enforcement has access to data stored overseas.

Who does the EACA affect?

The EACA affects any company that stores data in the cloud, particularly if that data is stored on servers outside of the US. This includes cloud storage providers like Dropbox and Google Drive, as well as software-as-a-service (SaaS) providers like Salesforce and Oracle. Even companies that do not store data in the cloud may be affected if they use cloud-based software solutions.

The EACA applies to any US law enforcement agency, including the FBI, the CIA, and the NSA. These agencies can use the EACA to access data stored overseas if they believe that it is relevant to a criminal investigation.

What are the concerns around the EACA?

The EACA has sparked concerns about privacy and data protection, particularly in countries with stronger data protection laws than the US. For example, the European Union’s General Data Protection Regulation (GDPR) requires that companies protect the privacy of EU citizens’ data, regardless of where that data is stored. The EACA could potentially force companies to violate the GDPR in order to comply with US law enforcement requests.

There are also concerns about the potential for abuse of the law. The EACA allows US law enforcement to bypass the traditional process of accessing data through legal treaties, which could make it easier for them to access data for surveillance purposes rather than criminal investigations.

What does the EACA mean for businesses?

Businesses that store data in the cloud should be aware of the EACA and its implications. They may want to consider strategies for protecting their data, such as encrypting it or storing it in countries with strong data protection laws. They should also be prepared to respond to requests for data from US law enforcement agencies, which could involve legal challenges and compliance costs.

Overall, the EACA represents a significant shift in the way that data is accessed and protected. It remains to be seen how it will be implemented in practice, and what its impact will be on businesses and individuals around the world. However, it is clear that the EACA will continue to be a subject of debate and discussion for years to come.