In October 2019, the UK and U.S. Governments signed an agreement on cross-border law enforcement demands for data from Communication Service Providers (the “Agreement”, which we described in our earlier post here). Only now, however, have the two countries completed the procedural steps required to bring the Agreement into force. On July 21, 2022, they issued a joint statement (available here) explaining that the Agreement will come into force on October 3, 2022.

The joint statement emphasizes that the aim of the Agreement is to “allow information and evidence that is held by service providers within each of our nations and relates to the prevention, detection, investigation or prosecution of serious crime to be accessed more quickly than ever before.” The UK Government’s factsheet on the announcement (available here) further clarifies that the process under the Agreement is intended to be faster than processes under existing mutual legal assistance treaties (“MLAT”). This is because, as set out in our prior post, Communication Service Providers subject to UK or U.S. jurisdiction will no longer be prohibited under domestic law from responding to demands from competent authorities in the other country to the extent that demand is made under the Agreement. Under MLAT processes, in contrast, authorities issuing a demand for data in one country must typically wait for law enforcement authorities in the other country to issue a demand under their domestic legislation, and this typically takes a significant amount of time.

The substance of the Agreement remains unchanged by the joint announcement, but the practical upshot is that from October 3, Communication Service Providers in the UK and the United States will need to be prepared to recognize demands issued under the Agreement. These providers should also note that the Agreement does not oblige law enforcement authorities to issue data demands under it. In other words, authorities can continue to issue demands outside the scope of the Agreement.

It is unclear what, if any, impact the entry into force of the Agreement will have on the UK’s status as an “adequate” jurisdiction under the EU’s General Data Protection Regulation (“GDPR”). The current adequacy decision takes the position that the Agreement as written would not undermine the level of protection provided by UK law, but the Commission also asserts that it will take account of any developments resulting from the application of the Agreement in practice as part of ongoing monitoring of the adequacy decision. Accordingly, any potential impact of the Agreement on UK adequacy is likely to emerge only after October 3.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Paul Maynard Paul Maynard

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Lisa Peets Lisa Peets

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with…

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known software and hardware companies.

On behalf of her clients, Ms. Peets has been actively engaged in a wide range of law reform efforts in Europe, on multilateral, regional and national levels. This includes advocacy on EU and national initiatives relating to e-commerce, copyright, patents, data protection, technology standards, compulsory licensing, IPR enforcement and emerging technologies. Ms. Peets also counsels clients on trade related matters, including EU export controls and sanctions rules and WTO compliance.

In the IP enforcement space, Ms. Peets coordinates a team of lawyers and Internet investigators who direct civil and criminal enforcement actions in countries throughout Europe and who conduct global notice and takedown programs to combat Internet piracy.

Ms. Peets is a member of the European Commission’s Expert Group on reform of the IP Enforcement Directive.