Certified Information Privacy Professional – United States (CIPP/US) — Question 184

The Clarifying Lawful Overseas Use of Data (CLOUD) Act is primarily intended to do which of the following?

Answer options

• A. Codify a treaty with the EU that permits the cross-border transfer of personal information from the EU to the United States in compliance with the General Data Protection Regulation (GDPR).
• B. Update the legal mechanisms through which federal law enforcement may obtain data that service providers maintain in a foreign country.
• C. Establish baseline privacy obligations that U.S. companies must comply with for personal information, even if stored in a foreign country.
• D. Prohibit foreign companies from using the personal information of U.S. citizens without their consent.

Correct answer: B

Explanation

The CLOUD Act is designed to update the legal framework for U.S. federal law enforcement's ability to access data held by service providers abroad, making option B the correct choice. Options A, C, and D do not accurately reflect the Act's primary focus on law enforcement access to data rather than establishing treaties, privacy obligations, or consent requirements.