As of today, a data-sharing pact between the US and the UK is in effect, five years after it was first floated. The two sides claim that the Data Access Agreement, which was authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act in the US, will help law enforcement to combat serious crimes in both countries. The Department of Justice called the initiative the first of its kind, adding that it would enable investigators "to gain better access to vital data" to fight serious crimes in a manner that's "consistent with privacy and civil liberties standards."
Under the agreement, authorities in one country can request data from ISPs in the other country, as long as it's related to preventing, detecting, investigating and prosecuting serious crimes including terrorism, transnational organized crime and child exploitation. US officials can't submit data requests targeting people in the UK and vice-versa — presumably the requests can either be used to assist domestic investigations or investigations into foreign nationals. Authorities also need to adhere to certain requirements, limitations and conditions when they access and use data.
The UK Home Office's Investigatory Powers Unit will oversee the Data Access Agreement in the UK, while the DOJ's Office of International Affairs (OIA) will handle matters in the US. The OIA has put together a CLOUD team that will review and certify orders on behalf of federal, state, local and territorial authorities. It will directly submit orders to ISPs in the UK and ensure data is transferred to authorities who requested it.
Privacy advocates have blasted the initiative and the CLOUD Act. In 2018, just after the bill was introduced, the Electronic Frontier Foundation said it "creates a dangerous precedent for other countries who may want to access information stored outside their own borders, including data stored in the United States." Fight for the Future argued that it would threaten user privacy.