Clarifying Lawful Overseas Use of Data Act or the CLOUD Act

This bill amends the federal criminal code to specify that an electronic communication service (ECS) or remote computing service (RCS) provider must comply with existing requirements to preserve, backup, or disclose the contents of an electronic communication or noncontent records or information pertaining to a customer or subscriber, regardless of whether the communication or record is located within or outside the United States.

An ECS or RCS provider may challenge a domestic warrant that compels disclosure of the contents of an electronic communication if:

• the customer or subscriber is not a U.S. citizen or national, lawful permanent resident, corporation, or other unincorporated entity;
• the customer or subscriber does not reside in the United States; and
• the required disclosure creates a material risk that the provider violates the laws of a foreign government with which the United States has in effect an executive agreement on data access.

In response to an order from a foreign government with which the United States has an executive agreement on data access, an ECS or RCS provider may:

• intercept or disclose the contents of an electronic communication, and
• disclose the contents of a stored electronic communication or noncontent records or information pertaining to a subscriber or customer.

It establishes a framework to allow the United States to enter into executive agreements with foreign governments to govern data access. To be valid, an executive agreement must meet certain requirements, including that the foreign government affords robust procedural privacy protections and adopts minimization procedures.

This bill does not preclude a foreign authority from obtaining assistance in a criminal investigation or prosecution.