U.U.K. negotiations The agreements have been ongoing since at least 2016 and were made possible by the passage of the CLOUD Act in the United States and the Overseas Production Orders (COPO) Act of 2019 in the United Kingdom. Like the CLOUD Act, the COPO Act creates a framework in UK legislation that allows the government to request information from foreign-based service providers. Internal investigations into electronic information are regulated in the UK by the Powers And Investigatory Act 2016. 21 Coalition Letter from EPIC. (October 29, 2019), available at www.whistleblower.org/sign-on-letter/sign-on-coalition-statement-re-u-s-u-k-cloud-act-executive-agreement [perma.cc/9Y67-P3XT] (by observing that “the text of the U.S.U.K. The agreement requires that content orders, which are widely regarded as the most sensitive electronic data, meet only the standard of “appropriate justification on the basis of ex-fair and credible facts, in particular legality and heavy data,” and declare that this “standard is vague”. . . . and is probably lower than the probable cause in different contexts”). In contrast, Jennifer Daskal and Peter Swire describe the US-UK Data Access Agreement and the underlying CLOUD Act as “positive developments that protect privacy and civil liberties, take into account different cross-border norms and respond to the reality that digital evidence, even essential for purely local crimes, often transcends international boundaries.” Jennifer Daskal – Peter Swire, The UK-US CLOUD Act Agreement Is Finally Here, Containing New Safeguards, Just Security (October 8, 2019), www.justsecurity.org/66507/the-uk-us-cloud-act-agreement-is-finally-here-containing-new-safeguards.
Until now, British authorities seeking data from a U.S. communications service provider have largely depended on the Mutual Legal Assistance (MLA) process.  Under the CAG, the British authorities are formally approached by an enforcement authority in the country where the application is made. If the investigation requires coercive action, it is sanctioned by the judicial authorities of the foreign jurisdiction. Cogeneration applications filed by the United States for data held in the United States are therefore subject to U.S. courts and may be challenged in the United States subject to U.S. law and procedure. The agreement allows for more effective investigation of serious crimes such as terrorism, transnational organized crime and cybercrime, by providing timely access to electronic data relating to crimes committed in one country and stored in the other country.