Direct access – a sea change in data gathering in UK/U.S. criminal investigations

The Agreement represents a sea change in cross-border investigations.  The Agreement permits criminal authorities in each country to obtain electronic data directly from a range of telecommunications companies (so-called Covered Providers) in the other country – without any need to go through the domestic authorities in the recipient country, a mutual legal assistance treaty (MLAT) or any of the other cumbersome routes currently used.

This could have a major impact on any company whose business satisfies the definition of Covered Provider: social media platforms; data hosting, storage and processing; cloud storage; or potentially any other company to the extent it provides clients with an ability to communicate, process or store data.   It will also impact their customers, including corporate customers, if they are being investigated by authorities in the U.S. or UK, including the U.S. Department of Justice, the UK Serious Fraud Office and the Financial Conduct Authority.  Any company on the receiving end of this new type of production order will need to act fast to respond and/or challenge it, as the time scales for responding are extremely short.

For a summary of the key features of the new regime,  the thorny issues that are likely to emerge regarding, for example, data protection and privilege, and steps that companies should be taking now to prepare for any such orders, read here.

The U.S. is in negotiations with the EU and Australia to put in place similar reciprocal arrangements.