In October 2019, the UK and U.S. Governments signed an agreement on cross-border law enforcement demands for data from Communication Service Providers (the “Agreement”, which we described in our earlier post here). Only now, however, have the two countries completed the procedural steps required to bring the Agreement into force. On July 21, 2022, they issued a joint statement (available here) explaining that the Agreement will come into force on October 3, 2022.

The joint statement emphasizes that the aim of the Agreement is to “allow information and evidence that is held by service providers within each of our nations and relates to the prevention, detection, investigation or prosecution of serious crime to be accessed more quickly than ever before.” The UK Government’s factsheet on the announcement (available here) further clarifies that the process under the Agreement is intended to be faster than processes under existing mutual legal assistance treaties (“MLAT”). This is because, as set out in our prior post, Communication Service Providers subject to UK or U.S. jurisdiction will no longer be prohibited under domestic law from responding to demands from competent authorities in the other country to the extent that demand is made under the Agreement. Under MLAT processes, in contrast, authorities issuing a demand for data in one country must typically wait for law enforcement authorities in the other country to issue a demand under their domestic legislation, and this typically takes a significant amount of time.

The substance of the Agreement remains unchanged by the joint announcement, but the practical upshot is that from October 3, Communication Service Providers in the UK and the United States will need to be prepared to recognize demands issued under the Agreement. These providers should also note that the Agreement does not oblige law enforcement authorities to issue data demands under it. In other words, authorities can continue to issue demands outside the scope of the Agreement.

It is unclear what, if any, impact the entry into force of the Agreement will have on the UK’s status as an “adequate” jurisdiction under the EU’s General Data Protection Regulation (“GDPR”). The current adequacy decision takes the position that the Agreement as written would not undermine the level of protection provided by UK law, but the Commission also asserts that it will take account of any developments resulting from the application of the Agreement in practice as part of ongoing monitoring of the adequacy decision. Accordingly, any potential impact of the Agreement on UK adequacy is likely to emerge only after October 3.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Paul Maynard Paul Maynard

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice encompasses regulatory compliance and investigations alongside legislative advocacy. For more…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice encompasses regulatory compliance and investigations alongside legislative advocacy. For more than two decades, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, artificial intelligence, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services.

Lisa also supports Covington’s disputes team in litigation involving technology providers.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Jim Garland Jim Garland

Jim Garland’s practice focuses on government investigations and enforcement matters, litigation, and cybersecurity. Recognized by Chambers USA as a leading practitioner in both the white collar and cybersecurity categories, Jim draws upon his experience as a former senior Justice Department official to advise…

Jim Garland’s practice focuses on government investigations and enforcement matters, litigation, and cybersecurity. Recognized by Chambers USA as a leading practitioner in both the white collar and cybersecurity categories, Jim draws upon his experience as a former senior Justice Department official to advise clients on sensitive, multidimensional disputes and investigations, often with national security implications. He previously served as co-chair of Covington’s “Band 1”-ranked White Collar and Investigations Practice Group and currently is a member of the firm’s Management and Executive Committees.

Jim regularly represents corporate and individual clients in government investigations and enforcement actions. He has successfully handled matters involving allegations of economic espionage, theft of trade secrets, terrorism-financing, sanctions and export control violations, money laundering, foreign bribery, public corruption, fraud, and obstruction of justice. He has particular expertise advising clients in connection with investigations and disputes involving electronic surveillance and law enforcement access to digital evidence.

Jim has substantial experience litigating high-stakes, multidimensional disputes for clients across a range of industries, including companies in the high-tech, financial services, defense, transportation, media and entertainment, and life sciences sectors. Many of his civil representations have substantial cross-border dimensions or involve parallel government enforcement proceedings in multiple forums.

In conjunction with his investigations and litigation practice, Jim regularly assists clients with cybersecurity preparedness and incident-response matters. He helps clients in assessing security controls and in developing policies and procedures for the protection of sensitive corporate data. He also regularly assists companies in responding to significant cybersecurity incidents, including in connection with criminal and state-sponsored attacks targeting customer and employee data, financial information, and trade secrets.

From 2009 to 2010, Jim served as Deputy Chief of Staff and Counselor to Attorney General Eric Holder at the U.S. Department of Justice. In that role, he advised the Attorney General on a range of enforcement issues, with an emphasis on criminal, cybersecurity, and surveillance matters.