Brooklyn Journal of International Law


Tim Cochrane

First Page



The United States (US) and United Kingdom (UK) will soon bring into force a new international law enforcement data sharing ‘CLOUD Act agreement’ (US-UK Agreement), the first of its kind under the Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act). These agreements enable law enforcement in one state to directly request data from service providers based in the other state. They respond to long-standing concerns with the main mechanism for obtaining overseas data, mutual legal assistance (MLA). The US and UK claim the US-UK Agreement will significantly speed up data access relative to MLA while “respecting privacy and enhancing civil liberties.” This article interrogates that claim, exploring the impact of CLOUD Act agreements on digital privacy rights under the Fourth Amendment to the US Constitution and Article 8 of the European Convention on Human Rights. Emerging literature is deeply divided: US scholars typically view these agreements as neutral or rights-enhancing, while Europeans and others generally fear a reduction in rights compared with MLA. By separately considering the impact of the US-UK Agreement on each of three classes of impacted persons, US persons, UK persons, and third country persons (TCPs)—i.e. everyone else—these diverging views appear to be each partly right and partly wrong. While this agreement will likely be an overall relative improvement for the digital privacy rights of US and UK persons, it will further undermine these rights for TCPs, contrary to the US and UK’s claimed aims. To address this, the US and UK should voluntarily extend Fourth Amendment and Article 8 protections, respectively, to implicated TCPs. This would be readily achievable, largely consistent with judicial trends, and encourage a more robust rights-respecting approach to international data transfers globally.