Later, on October 7, 2019, the Department of Justice issued a joint statement announcing that the United States and Australia had begun formal negotiations for an agreement under the Cloud Act. It is important to keep in mind the control and balance systems that exist in the United States. The President will not sign an executive agreement until after rigorous review by the Attorney General and the Minister of Foreign Affairs and the approval of Congress (p. 2523 (b) of the Cloud Act). Congress may vote on a joint resolution to reject it within 90 days and, in this case, the executive agreement will not enter into force (p. 2523 D) (4) of the Cloud Act). The two governments have agreed on conditions that largely remove restrictions on a wide range of investigations and do not target residents of the other country and assure suppliers that the disclosures under the agreement are consistent with data protection legislation. Each has also committed to obtaining the other`s authorization before using the data obtained by the agreement for prosecutions concerning the essential interest of one party – in particular the prosecutions of the United States and the British justice system. As discussed in the detailed FAQs on the CLOUD Act, the agreement provides a legal enforcement mechanism in the United States or the United Kingdom to request data from a service provider in the other country without having to go through the laborious mutual legal assistance process to do so. It therefore contains, as required by US law, the many conditions already required by the CLOUD Act, including: (a) that requests be directed to specific accounts, addresses or persons; (b) whether they are subject to review or review by a judge, judge or other independent authority; (c) are based on “artistic and credible facts”; (d) that the content of the communication be protected from attacks on foreign governments by U.S.
persons (including legitimate citizens and permanent residents) or by other persons physically present in the United States (for this data, the United Kingdom still has to apply the mutual legal assistance process); and (e) that the United Kingdom implements a series of safeguards for U.S. personal data, which are collected in passing. We have already written about these requirements and other requirements of the CLOUD Act as a basis, and here we are focusing on important new elements that go beyond what the law itself requires: the UK-US CLOUD Act also fulfils the third requirement to be “governed by international law”. This means, according to the history of the Vienna Convention negotiations, that an agreement must have the intention to create legal rights and obligations or to address a particular legal situation.  The ON cloud agreement between the United Kingdom and the United States is clearly linked to international relations between the two states.  The agreement explicitly states that its objective is to “establish a system of access to electronic data, which is fully regulated by binding, proportionate and essential safeguards.”  The cloud law agreements, also known as executive agreements (No. 2523 of the Cloud Act), appear to be bilateral agreements between the President of the United States and a “qualified foreign government.”