The UK-US Data Access Agreement (DAA) allows UK and US law enforcement to directly request data held by telecommunications providers in the other party’s jurisdiction for the exclusive purpose of preventing, detecting, investigating and prosecuting serious crimes such as terrorism and child sexual abuse and exploitation.

Under UK law, enforcement authorities can already seek data, including pictures and messages, relevant to a serious crime that they are trying to prevent, detect, investigate or prosecute. However, US law prohibits US social media platforms and messaging services from being able to share data in response to a request made directly by a foreign government. Given that many popular social media services operate within the US, data that might be essential to a UK investigation cannot be obtained in a timely way.

The new DAA requires the parties to ensure that its laws permit a telecommunications operator to lawfully respond to direct requests for DAA data made by a relevant public authority in the other party’s jurisdiction. It does not create any new powers as it requires that all DAA requests are compliant with the relevant existing domestic obligations that a public authority is bound by.

Because the DAA may only be used where the correct domestic authorisation has first been obtained, all the existing mechanisms for oversight of UK investigatory powers will continue to apply.

In addition, the UK has passed new legislation to provide the UK’s Investigatory Powers Commissioner’s Office with a statutory remit to oversee the UK’s use of the DAA, including where the Crime (Overseas Production Orders) Act 2019 is being used.

The DAA will come into force on 3 October 2022. To read the US/UK joint statement on the DAA, click here.