At Relativity Fest in London, I interviewed David Horrigan, Relativity’s Discovery Counsel and Legal Education Director, on two subjects which had been well covered at the event. The first of those was the US government’s CLOUD Act which at a stroke made redundant the US Supreme Court’s consideration of the long-running case between the US government and Microsoft about data held on (in that case) servers in Dublin.
The other was the state of preparation and anxiety in the US about the then-pending General Data protection Regulation, which has since (today) come into force. At Relativity Fest, David Horrigan moderated a panel with former US Magistrate Judge James Francis IV (who gave the original Microsoft Dublin Opinion) and Rachi Messing of Microsoft. As I often do, I looked to David Horrigan for a high-level summary of the current topics.
If you want a deeper look at the The Clarifying Lawful Use of Overseas Data (CLOUD) Act, it is described here. Its relationship with EU developments is summarised here. Both articles are by someone who is less than enthusiastic about it from both a privacy perspective and as a jurisdictional matter.
As I put it rather cynically in this interview, the CLOUD Act appears to justify the US kicking down doors all over the EU, Asia and elsewhere, claiming the right to access data under their own legislation. Will there not be some objection to this by foreign governments?
Although, as David Horrigan points out, the CLOUD Act equally authorises foreign access to data in the US, that is unlikely to appease privacy groups and those who are concerned about the territorial issues. As discovery becomes increasingly important in criminal and family matters as well as in major commercial disputes, the inherent contradictions between broad US discovery and EU restrictions on privacy are likely to increase.
David Horrigan sees the possibility that the traditional mechanism of Mutual Legal Assistance Treaties might get more attention – a point made also in the articles referred to above.
MLATs, as I said in the interview, have been spurned by US courts who have copy-pasted criticisms from the Aérospatiale opinion about the alleged slowness of MLATs without pausing to enquire if there was indeed some value in going down that route.
We turned in the interview to the General Data Protection Regulation which, I suggested, was still causing more panic in the US than in the UK and the rest of the EU. Although much of the early hype about fines is calming down, prudent companies in the US are realising that GDPR compliance is a long process with wider implications than fines.