Data Proxies for the Stored Communications Act

When law enforcement obtains a customer’s cloud data from a cloud service provider (CSP) under the Stored Communications Act, a nondisclosure order can prevent the CSP from notifying the customer—leaving the customer unable to assert legal rights, including attorney-client privilege. This report proposes the “Data Proxy Act,” legislation enabling customers to contractually appoint a trusted, independent third party—a “data proxy”—to advance their interests when they cannot act for themselves.

Under the proposed bill, when a CSP receives a data demand paired with a nondisclosure order, it may petition the court for authorization to notify the customer’s data proxy. The court would grant the petition upon finding, by a preponderance of the evidence, that the data proxy is trustworthy and will comply with the nondisclosure order, and that disclosure will not result in improper notice to the customer. Once notified, the data proxy may assert the customer’s legal rights, including through litigation. The proposal builds on the bipartisan NDO Fairness Act and encourages cloud adoption without unduly compromising investigative secrecy.

This paper was published as part of a series marking the 40th anniversary of the Electronic Communications Privacy Act. View the paper series here.

You can read this paper here or below: