Oversight of UK and USA Data Access Agreement

New regulations have been introduced requiring the UK’s Investigatory Powers Commissioner to oversee the UK’s use of the UK-US Bilateral Data Access Agreement.

The Agreement, signed by both governments in October 2019, facilitates public authorities’ access to electronic data relating to the investigation of serious crime. Access to such data is subject to safeguards set out in domestic legislation, such as a signed warrant. The regulations introduced today amend section 229 of the Investigatory Powers Act 2016, enabling the Investigatory Powers Commissioner to oversee compliance with the Agreement and ensure its proper use.

The Investigatory Powers Commissioner, Sir Brian Leveson, said:

“I welcome the amendments to my functions requiring me to oversee compliance by public authorities with the Agreement between the United Kingdom and United States of America.

“My oversight will ensure that the Agreement is only invoked where this is necessary and proportionate.”

The Agreement is underpinned by domestic law – in the US, by the Clarifying Lawful Overseas Use of Data (CLOUD) Act and in the UK by the Crime (Overseas Production Orders) Act 2019 and the Investigatory Powers Act 2016. It is intended to ease access, by UK public authorities, to data held by US-based communications service providers.

The formal title of the regulations is: The Functions of the Investigatory Powers Commissioner (Oversight of the Data Access Agreement between the United Kingdom and the United States of America and of functions exercisable under the Crime (Overseas Production Orders) Act 2019) Regulations 2020. See here for the full regulations.