On March 23, 2018, President Trump signed into law the Consolidated Appropriations Act, 2018, which contained a section entitled the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act significantly revises the rules underlying law enforcement requests for access to communications information stored abroad, and may have far-reaching implications for companies that collect, transmit, and store such communications.

The CLOUD Act resolves an ambiguity in federal law that increasingly served as a flashpoint between tech companies and law enforcement. Most prominently, this question was posed to the U.S. Supreme Court in United States v. Microsoft Corp, a case originating in 2013 that the Court heard on February 27, 2018. In Microsoft, the United States argued that U.S.-based service providers could be compelled to turn over responsive data when served with a warrant, whether held in America or abroad. Microsoft argued that the government’s warrant authority only reached data held in the U.S. itself. Before the Court handed down a decision, however, the CLOUD Act was passed, and with the case moot, the Court remanded and dismissed it at the request of both sides.
Continue Reading Congress Enacts the CLOUD Act, Granting Law Enforcement Access to Information Stored Abroad, and Mooting U.S. v. Microsoft