The UK and the U.S. have recently signed a Data Access Agreement to aid the respective countries in combating crime. 

An agreement came into force on October 3rd, 2022 between the Government of the United Kingdom and the Government of the United States. The Agreement focuses on the access to electronic data for the purpose of countering serious crime, allowing each country’s investigators better access to important data needed to deal with serious criminal activity within the context of privacy and the rights of individuals. While there are still protocols to be followed in order to maintain the rights and freedoms of citizens, this agreement will allow the respective governments a bit more ease in accessing the necessary information to prevent, detect, investigate and prosecute serious crimes, as detailed in a recent press release from the U.S Department of Justice. 

The Data Access Agreement is expected to aid the respective countries in dealing with a range of crimes including organised crime. 

Under the Data Access Agreement, restrictions on cross-border disclosures will not prohibit service providers in one country from responding to lawful orders or requests for electronic data issued by officials in another country. This will allow for more efficient access to relevant electronic data within a timely manner, which will allow investigations to move more quickly through the use of those orders, facilitated by this agreement. Between the two countries, this should provide some significant resolve in cases of terrorism, transnational organised crime, child exploitation, and other serious crimes.

The Data Access Agreement stipulates when and how data can be obtained and used under this agreement.

The UK and the U.S. each have designated authorities, who will be responsible for the implementation of the Data Access Agreement within their respective countries. The designated authority in the UK is the Investigatory Powers Unit of the UK Home Office. The agreement sets out a number requirements which must be met for the authorities of the respective countries to invoke the Agreement. For example, any orders submitted by U.S. authorities are not allowed to target persons located in the UK and have to relate to a serious crime in order to invoke the Data Access Agreement. Likewise, any orders submitted by UK authorities cannot target U.S. persons or persons located in the United States and must also relate to a serious crime. The agreement also governs the requirements, limitations and conditions when either authority is obtaining and using data obtained under the Data Access Agreement. 

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.