Policy factsheet on the UK-US Data Access Agreement
Published 21 July 2022
Introduction
The UK-US Data Access Agreement (DAA) allows UK and US law enforcement to directly request data held by telecommunications providers in the other party’s jurisdiction for the exclusive purpose of preventing, detecting, investigating and prosecuting serious crimes such as terrorism and child sexual abuse and exploitation.
The DAA will transform the ability of UK law enforcement to promptly and efficiently access data that is vital to helping keep people safe.
Why is the UK-US Data Access Agreement needed?
When a UK law enforcement agency is trying to prevent, detect, investigate or prosecute a serious crime, the UK law allows them to seek data relevant to the particular crime. In the case of data held by telecommunications operators, this could include information such as pictures or messages.
Many of the currently popular telecommunications services, such as social media platforms and messaging services, operate within US jurisdiction. Unfortunately, US law prohibits these companies from being able to share certain data in response to a request made directly by a foreign government. This means that data which might be essential to an investigation cannot be obtained.
Whilst mechanisms such as ‘mutual legal assistance’ do allow government-to-government requests to be made for data, this process is typically very slow, often taking many months to complete. This can hamper critical investigations and prevent police or security services from building a picture of an investigation faster. In many cases, the person under investigation may continue to offend whilst the request is being processed, leading to more harm and more victims.
How will the UK-US Data Access Agreement change this?
The DAA works by requiring each party to ensure their laws permit a telecommunications operator to lawfully respond to direct requests for DAA data made by a relevant public authority in the other party’s jurisdiction. It does not create any new powers as it requires that all DAA requests are compliant with the relevant existing domestic obligations a public authority is bound by.
In short, the DAA will provide relevant UK and US public authorities with timely, efficient and lawful cross-border access to data for the purpose of preventing, detecting, investigating and prosecuting the most serious crime. It will ensure criminals cannot hide their data behind jurisdictional barriers to conceal their criminal activities.
How is this process overseen?
Because the DAA may only be used where the correct domestic authorisation has first been obtained, all the existing mechanisms for oversight of UK investigatory powers will continue to apply.
In addition, the UK has passed new legislation to provide the UK’s Investigatory Powers Commissioner’s Office (IPCO) with a statutory remit to oversee the UK’s use of the DAA, including where the Crime (Overseas Production Orders) Act 2019 is being used.
When will the change come into force?
The agreement will come into force on 3 October 2022 enabling law enforcement in both countries to request key data for their live investigations.