The US and UK now have a data-sharing pact, which went into effect on Monday. Quoting from Engadget:
The two sides claim that the Data Access Agreement, which was authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act in the US, will help law enforcement to combat serious crimes in both countries. The Department of Justice called the initiative the first of its kind, adding that it would enable investigators “to gain better access to vital data” to fight serious crimes in a manner that’s “consistent with privacy and civil liberties standards.”
Under the agreement, authorities in one country can request data from ISPs in the other country, as long as it’s related to preventing, detecting, investigating and prosecuting serious crimes, including terrorism, transnational organized crime and child exploitation. US officials can’t submit data requests targeting people in the UK and vice-versa — presumably the requests can either be used to assist domestic investigations or investigations into foreign nationals. Authorities also need to adhere to certain requirements, limitations and conditions when they access and use data.
And the other big news of the week from the White House is The Blueprint for an AI Bill of Rights, released Tuesday by the Office of Science & Technology Policy, which describes five principles that should be incorporated into AI systems to ensure their safety and transparency, limit the impact of algorithmic discrimination, and give users control over data.
They aren’t the first – IBM made a set of principles in 2017, the EU’s guidelines were released in 2019, and the Vatican published in 2020 on the topic. In 2020, the Trump administration released larger technology regulation principles, warning against over-regulation.
Why do we care?
The first is law; the second is not. That said, they are both helpful.
Be aware of the law here – if customers do business in the UK, their data can be pulled.
On the second, it’s the frameworks I’m interested in. In tomorrow’s bonus episode, I talk about Privacy as a service – well, there are ideas here about user control over their data. Borrow from experts, don’t design this yourself – and I think there’s a service to be delivered. It’s all data governance… and we’ll go into it tomorrow.

