I&J contributed

Published on
January 10, 2017

Cross-border requests for data

Several important events in 2016 have greatly impacted discussions concerning cross-border requests for user data, including the Microsoft Ireland case, the draft US-UK data sharing agreement, and sustained calls for reforming Mutual Legal Assistance (MLA) and other systems related to criminal investigations and international data processing procedures.

These and other developments were analyzed in relation to privacy and civil liberties on January 26, 2017 at the "Privacy and Government Cross-border Requests for Data" session of the annual Computer Privacy and Data Protection conference. I&J's Executive Director, Bertrand de La Chapelle chaired the session, which was moderated by Professor Peter Swire.

Discussions revolved around the following questions:

  • How can we best protect the interests of data subjects while enabling legitimate law enforcement requests, in an era where data is pervasively globalized and held in other jurisdictions?
  • What is driving increased policy activity on issues of cross-border access to personal data by law enforcement?
  • How well does the proposed US-UK agreement for these issues protect privacy and civil liberties?
  • What are the actions of the EU Commission and Council of Europe in this area, including late 2017 action items announced by the Commission?
  • How well are proposed reforms applying to countries outside of the EU and US, including Brazil and India?


Cathrin Bauer-Bulst

Deputy Head of Unit, Fight Against Cybercrime

DG HOME, European Commission

Jennifer Daskal

Associate Professor

American University Washington College of Law

Nicole Jones

Senior Counsel, Law Enforcement and Security


Bertrand de La Chapelle

Executive Director

Internet & Jurisdiction Policy Network

Caroline Wilson Palow

General Counsel

Privacy International

Ralf Sauer

Head of International Sector, DG JUST

European Commission

Peter Swire

Professor of Law and Ethics

Georgia Tech University

MLAT and beyond

2017 marks the 10th anniversary of the annual CPDP conference. The event brings together lawyers, practitioners, policy-makers, industry leaders, and civil society from around the world to exchange ideas and discuss the latest emerging issues and trends in Internet governance. During the last CPDP conference in early 2016, Internet & Jurisdiction's Bertrand de La Chapelle highlighted jurisdictional tensions requiring structural MLAT reform, particularly when the sole nexus of connection with the US is the location of the operator. 

At the Global Internet and Jurisdiction Conference in November, 2016, a diverse group of multistakeholder participants built upon related global dialogues in the Data & Jurisdiction workstream, concretely identifying several potential improvements to cross-border request systems, including:

  • Standards for user notification, 
  • Modalities for the authentication of requests, and
  • The establishment of single points of contact as potential improvements to cross-border request systems.

Additional outcomes from the Global Internet and Jurisdiction Conference can be found in the Secretariat Summary of the event.