Congress Passes Intrusive Data Sharing Legislation under Cover of Important Spending Bill

by Vins
Published: Updated:

Hidden in the massive omnibus spending bill approved by Congress in February 2018 was the Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018. The CLOUD Act enables the US government to acquire data across international borders regardless of other nations’ data privacy laws and without the need for warrants. CLOUD was subject to almost no deliberation as the Senate was working swiftly to avoid a prolonged government shutdown.

Specifically, the CLOUD Act adds provisions to two existing laws that protect constitutional rights in the digital age. The Store Communications Act (SCA), which enables the US government to request personal data directly from the company, now also applies to foreign countries “that are part of an executive agreement with the United States.” Such contracts would partially negate the Mutual Legal Assistance Treaty (MLAT), which mandates that foreign governments must obtain a warrant through the Department of Justice before requesting data.

Many provisions of the CLOUD Act leave significant room for potential abuse. The act fails to specify what criminal behavior warrants a request for personal data. It also fails to specify a time-frame for the approval process. This allows nations to request and obtain the data before receiving proper approval. In addition, the act does not prevent foreign nations from returning data to the US Government. This would devalue the laws that protect the private data of US citizens from their own government. By passing this act without constructive examination, Congress has ensured that these shortcomings will not be fixed.

On Friday, March 24, MSN journalist Laura Hautala published a report defending the CLOUD Act. The piece focuses on those in favor of it, such as Microsoft President Brad Smith. Along with other CLOUD act proponents, Smith described the MLAT as “cumbersome and slow.” Yet, none mention the violation of human rights that comes with circumnavigating the process of obtaining a warrant. The article also goes into great detail liberties that the CLOUD act provides large corporations, by simplifying legal issues concerning overseas servers. The article briefly mentions Neema Singh Guliani and her concerns about violations of human rights overseas. However, the article as a whole sidelines this narrative and stands in favor of the large corporations that stand to benefit from the CLOUD act.


Robyn Greene, “Somewhat Improved, the CLOUD Act Still Poses a Threat to Privacy and Human Rights,” Just Security, March 23, 2018,

David Ruiz, “Responsibility Deflected, the CLOUD Act Passes,” Electronic Frontier Foundation, March 22, 2018,

Student Researcher: L. Joseph Smith (Diablo Valley College)

Faculty Evaluator: Mickey Huff (Diablo Valley College)