On 29 October 2019, twenty privacy, civil liberties, and human rights organizations jointly addressed U.S. Congress committee chairmen to stop the US-UK CLOUD Act Executive Agreement signed on 3 October 2019. It will allow direct access by the party’s law enforcement bodies to personal data held by private service providers outside traditional mutual legal assistance procedures.

The organisations “believe that the Agreement fails to adequately protect the privacy and due process rights of U.S. and U.K. citizens.” They urge the U.S. parliament to disapprove the agreement.

The organisations observe that the US-UK executive agreement exhibits many often cited human rights concerns, e.g., diminished standards for law enforcement requests, lack of notice, vague oversight mechanisms, etc. They are particularly concerned because the agreement may become a template for future agreements, including with countries that have even less strict data protection standards. The main critical issues put forward are as follows:

• The US-UK Agreement lowers the bar for law enforcement access to both stored communications content, such as emails, and live wiretaps in the USA;
• It does not consistently foresee prior judicial authorization of an order and goes below standards of the Fourth Amendment;
• Requirements for minimization of data and targeting individual requests do not apply equally to the USA and the UK;
• The accord includes neither provisions on notice to the data subject nor any new remedies for individuals;
• The threshold for crimes covered by the agreement is low, and the protective requirement of dual criminality no longer plays a role;
• Vague external oversight;
• The agreement does away with a robust human rights review by the U.S. authorities;
• It also fails to uphold the standards against infringements to the freedom of speech as defined in the CLOUD Act;
• Sharing of gained information among the UK and American law enforcement authorities may violate U.S. law.

In addition, the undersigning organisations question whether the UK – still a Member of the European Union – was competent to enter into a bilateral agreement.