All You Need To Know About CLOUD Act

When we read the term CLOUD Act, the first thought that comes to our mind is a set of rules given out to judge the cloud services. But the reality is quite different! Well, while we were still getting over the shock of Facebook and Cambridge Analytica scandal, the Government of U.S. quietly passed a legislation which will affect us and our data. The Clarifying Overseas Use of Data (CLOUD) Act is an upgrade to Electronic Communications Privacy Act (ECPA) which is a Law series that enlightens and guides how native officials of U.S. may access the data of the citizens which is stored overseas. These laws were passed initially in 1986, by Congress and have stayed intact since then.



Till the last few days, U.S. could only get hold of the data stored overseas through MLAT, Mutual Legal-Assistance Treaties. MLAT, is a detailed report clarifying on how two or more nations will help each other with legal investigations. The CLOUD Act is an alternative to MLAT and will ease the investigation process of U.S. officials which was hindered earlier due to foreign policies. But privacy of commoners is at stake!

Under this act, U.S. law enforcement officials can ask tech companies to hand over the user data, no matter where they have stored it. This Act also gives the executive branch the authority to enter into “executive agreements” with other nations. Therefore, officials who are investigating would get a hold on user data stored in the other country as well, without considering hosting nation’s privacy laws. Moreover, these agreements don’t require any Congressional approval as well.

The politicians introduced this law on 6th Feb 2018 to the Senate and House of Representatives. Are you wondering how is this going to affect you? Well, now the executive branch has enough control over who can access your data.


To understand this, let’s take an example. The investigators from the U.S wish to go through the private content stored on the cloud of a native citizen because they suspect a bank fraud. The police could go directly to the cloud service provider, to request and collect those data chunks. To do the same, concerned authorities on duty would not need prior judicial review. Moreover, they would not be required to notify U.S. law enforcement about this request. The content collected can be read, stored and shared to find hints of crime and further investigation. Additionally, the contents might be used to criminally charge a person in the court, even though a legal warrant isn’t issued. This is a huge step taken to speed-up the investigation process which earlier took days. A few people are looking at this as privacy invasion while others are praising it.

A few experts have said that CLOUD Act is creating an unfair two-tier system. The countries operating under “executive agreements” are subjected to minimization and sharing guidelines when they are handling data that belongs to the native citizens, permanent residents, and lawful corporations. However, these privacy guidelines don’t extend to a person born in any country but residing in the U.S. with a temporary visa.

Some tech joints have claimed that this act may stick the officials in between conflicting data laws of different nations. Moreover, it may give rise to tensions between the U.S. legislature and tech giants. From long, the legislation has protected the citizens from snooping, but passing a law like this will render everything useless.



In this era when cybercrimes are at its peak, we don’t need a CLOUD Act, but upgrade in the MLAT is definitely required. The people are not in favor of this neither are we because this law may become responsible for the biggest data breach. If the officials from U.S. can freeze the data of commoners and share it if needed, nobody’s data will be safe. Also, we cannot forget, how clumsy the officials are while handling sensitive information. Like it or not, the law has been passed and now your privacy is at the verge of getting exposed!

Read Also : Will We Ever Reach Cloud Portability?

What do you think? Is this invasion of privacy or a step taken for good? Let us know in the comments section below!

Leave a Reply