For many years, transatlantic cooperation between the EU and the US in the area of personal data exchange has been a subject of special interest on the part of lawmakers, courts – including supranational ones – NGOs and the public. When implementing recent reform of data protection law, the European Union decided to further strengthen guarantees of the protection of privacy in cyberspace. At the same time, however, it faced the practical problem of how to ensure compliance with these principles in relation to third countries. The approach proposed in the GDPR, which is based on a newly-defined territorial scope of application, clearly indicates an attempt to apply EU rules extraterritorially in relation to data processors in third countries.

Irrespective of EU activity, the United States has also introduced its own regulations addressing the same problem. An example is the federal law adopted in 2018, specifying how to execute national court orders for the transfer of electronic data. The CLOUD Act was established in response to legal doubts raised in the Microsoft v United States case regarding the transfer of electronic data stored in the cloud by US obliged entities to law enforcement authorities, as well as in cases where this data is physically located in another country and its transfer could result in violating the legal norms of a foreign jurisdiction. The CLOUD Act also facilitates bilateral international agreements that enable the cross-border transfer of e-evidence for the purposes of ongoing criminal proceedings. Both the content of the new regulations and the model proposed by the US legislature for future agreements concluded on the basis of the CLOUD Act can be seen as an alternative to regulations arising from EU law.

The purpose of this paper is to analyse the CLOUD Act and CLOUD Act Agreements from the perspective of EU law and, in particular, attempt to answer the question as to whether this new legal mechanism brings the EU and the USA closer to finding common ground with regard to a coherent model of exchange and protection of personal data.

多年来，欧盟和美国之间在个人数据交换方面的跨大西洋合作一直引起立法者，法院（包括超国家法院），非政府组织和公众的特别关注。在实施最新的数据保护法改革时，欧盟决定进一步加强对网络空间隐私保护的保障。但是，与此同时，它面临着一个实际问题，即如何确保对第三国遵守这些原则。GDPR中提议的方法基于新定义的地区应用范围，清楚地表明了试图对第三国的数据处理者在域外应用欧盟规则。

无论欧盟开展何种活动，美国也都针对该问题出台了自己的法规。一个例子是2018年通过的联邦法律，其中规定了如何执行国家法院关于传输电子数据的命令。制定《云法》是为了应对Microsoft v United States中提出的法律疑问美国有义务的实体将存储在云中的电子数据转移给执法机构的案例，以及这些数据实际位于另一个国家并且转移可能导致违反外国司法管辖区的法律规范的情况。《 CLOUD法案》还促进了双边国际协议，这些协议使得能够为正在进行的刑事诉讼目的而进行电子证据的跨境转移。新法规的内容和美国立法机关针对根据《云计算法》缔结的未来协议提议的模型都可以被视为欧盟法律法规的替代方案。

本文的目的是从欧盟法律的角度分析《 CLOUD法案》和《 CLOUD法案》协议，尤其是试图回答这一新的法律机制是否使欧盟和美国更接近于寻求共同点的问题。关于个人数据交换和保护的一致模型。