UK - US Electronic Evidence Treaty: One Step Forward, Two Steps Back?

On 3 October, in a landmark step for crime-fighting co-operation, Home Secretary Priti Patel and US Attorney General William Barr signed a bilateral agreement paving the way for UK and US law enforcement agencies to obtain data more quickly from electronic service providers operating in each jurisdiction. Given where most of tech power lies, this will inevitably be one way traffic, expediting the UK's acquisition of evidence from US tech giants such as Facebook, Google and Twitter in the fight against serious crime, including terrorism and child abuse.

Until now, such international data requests were made via the seemingly impossible to reform Mutual Legal Assistance (MLA) arrangements, taking up to two years for authorities to obtain e-evidence, leaving investigations and prosecutions mired in international red-tape. Under the new arrangements, a UK Judge can issue the police, SFO and other specified with an Overseas Production Order (OPO), bypassing cumbersome MLA procedures and, in principle, obtaining electronically stored data from the US within just seven days.

The legislative framework for the treaty – the US CLOUD Act, effective from March 2018, and the UK's Crime (Overseas Production Orders) Act 2019 – anticipates an agreement that has taken a substantial time to negotiate. The agreement itself, whose details were published by the UK for the first time on Monday, must still be ratified by the US Congress and laid before Parliament.

Available where it is in the public interest to make an OPO and a Judge is satisfied that an order is sought for the purpose of a terrorist investigation, or there are reasonable grounds for suspecting an indictable offence has been committed and an investigation or proceedings underway, the new arrangements have been welcomed on behalf of crime victims by organisations like the NSPCC, which described them as a hugely important step forward.

Anticipating potential concern from campaign groups, the agreement expressly notes the "substantial safeguards for protecting privacy and civil liberties" in the UK and US. It asserts that the processing and transfer of data in execution of an OPO are compatible with each country's privacy and data protection laws. Data received pursuant to an OPO must not be transferred to a third country without permission from the issuing state unless it is in already in the public domain.

Despite the drafter's efforts to forestall criticism, the new arrangements have nevertheless...