Mutual Legal Assistance Treaty (MLAT)

On June 24, 2021, Australian parliament passed legislation establishing a framework for its enforcement agencies to access certain electronic data held by companies outside of Australia for law enforcement and national security purposes.  The law paves the way for the establishment of a bilateral agreement with the United States under the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act.

Similar to the function of the CLOUD Act, the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 enables Australian enforcement authorities to compel companies covered by the statute to provide data, regardless of where the data is stored.  The legislation introduces international production orders, a form of legal process for compelling real-time interception of communications or the production of stored communications and telecommunications data, which can be served directly on communications providers in foreign countries with which Australia has an agreement.
Continue Reading Australia Passes Cross-Border Data Access Law, Creates a Pathway for CLOUD Act Bilateral Agreement

On July 10, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (“CLOUD Act”) on the legal framework for the protection of personal data in the EU.

The EDPB is an independent body composed of representatives from the EU Member States’ Supervisory Authorities for data protection, the national bodies enforcing EU data protection law, such as the General Data Protection Regulation (“GDPR”).  The EDPS is a separate European body whose primary role is to ensure that European institutions respect data protection law.  Though separate bodies, the EDPB and EDPS (hereafter “the institutions”) work jointly on some matters.  Opinions issued by the institutions are not legally binding, but may be influential and are indicative of the stance of European privacy regulators regarding certain issues.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”Continue Reading European Data Protection Board Issues Opinion on U.S. CLOUD Act