Policing: UK-USA Data Access Agreement coming into force in October

The UK government has announced that the 'Data Access Agreement', which seeks to ease the ability of authorities on both sides of the Atlantic to obtain data held by electronic service providers in each others' jurisdictions, will come into force on 3 October. The Agreement allows either side to request "the interception of wire or electronic communications" where deemed necessary.


The Data Access Agreement is formally entitled 'Agreement between the Government of the United Kingdom of Great Britain and Northern Ireland and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime' (pdf) and was signed in Washington on 3 October 2019.

Prior to signature, human rights and civil liberties organisations called on Congress not to approve the text, arguing that:

"...the Agreement fails to adequately protect the privacy and due process rights of U.S. and U.K. citizens.

(...)

Because the first CLOUD Act agreement will shape future deals concerning the transfer of personal data to foreign law enforcement agencies, such as the U.S.-Australia and U.S.-European Union agreements currently under negotiation, it is all the more critical that the U.S-U.K. Agreement include robust rights protections that provide an appropriate model.We believe the U.S.-U.K. Agreement falls short."

The Agreement allows "each country’s investigators to gain better access to vital data to combat serious crime in a way that is consistent with our shared values and mission of protecting our citizens and safeguarding our national security," according to a UK government statement.

A separate "factsheet" notes that:

"When a UK law enforcement agency is trying to prevent, detect, investigate or prosecute a serious crime, the UK law allows them to seek data relevant to the particular crime. In the case of data held by telecommunications operators, this could include information such as pictures or messages.

Many of the currently popular telecommunications services, such as social media platforms and messaging services, operate within US jurisdiction. Unfortunately, US law prohibits these companies from being able to share certain data in response to a request made directly by a foreign government. This means that data which might be essential to an investigation cannot be obtained."

The "privacy and data protection safeguards" that apply to the agreement are those included in an agreement between the EU and the USA (see Article 9 of the UK-USA agreement).

The Agreement makes clear that one party may request that the other intercept telecommunications on its behalf, under Article 5:

"Orders subject to this Agreement for the interception of wire or electronic communications, and any extensions thereof, shall be for a fixed, limited duration; may not last longer than is reasonably necessary to accomplish the approved purposes of the Order; and shall be issued only if the same information could not reasonably be obtained by another less intrusive method."

Documentation


Image: Wordshore, CC BY-NC-ND 2.0

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error