The United States and the United Kingdom have signed a deal that allows authorities of both countries to directly request data from British and American companies. The agreement appears to be at odds with EU rules.
The deal was announced in a press release on Thursday and is part of the Cloud Act, which went into effect in the US last year. The Cloud Act allows US authorities to request data from US companies without going through a court, even if it concerns information in a data center on foreign territory. The deal with the United Kingdom should ensure that authorities in both countries can access communications data from suspected terrorists and child abusers more quickly.
According to the countries, it can currently take up to two years for authorities to access such data, as a long legal process precedes the request of such data. This agreement has yet to be approved by lawmakers from both countries, but if the deal becomes final, this process should be shortened to weeks or even days.
This deal makes it easier for the Americans to access the data of British telecom providers. In turn, the British authorities can request data more easily from companies such as Twitter, Facebook and Google. The deal should not prevent companies from encrypting their data, which makes it difficult for authorities to access the data.
For example, Facebook announced earlier this year that it plans to add end-to-end encryption to Instagram and Messenger. WhatsApp, another Facebook service, already uses e2e encryption. The US, UK and Australia asked Facebook this week not to pursue this initiative. According to the authorities, these services are used for encrypted communication between malicious parties who, among other things, target children. Companies are not allowed to set up their systems in such a way that access to the content is impossible. Facebook, for its part, said the company “strongly opposes government efforts to create a backdoor because it undermines the privacy of people around the world.”
According to MEP Sophie in ‘t Veld of D66, the agreement between the US and the UK is out of bounds because Great Britain is still part of the EU. She said the deal may prevent an agreement between the United States and the EU to share digital evidence. The deal may also violate the General Data Protection Regulation, which came into effect in 2018. Moreover, EU member states are not allowed to enter into such data deals on their own.