Apple, Google, Microsoft, Facebook and Oath (Engadget's parent company) believe CLOUD Act is better than its predecessor, though, and have sent a letter (PDF) to the Senate in support of the bill. They said that it "would create a concrete path for the US government to enter into modern bilateral agreements with other nations that better protect customers."

More importantly, "the legislation would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement." They said CLOUD's rules would ensure that data holders are protected by their own laws and would enable authorities to investigate cross-border crime and terrorism without igniting international legal conflicts.

Privacy advocates are unsurprisingly unhappy with the changes the CLOUD Act brings. The Electronic Frontier Foundation has listed the reasons why it thinks the new set of regulations is "a dangerous expansion of police snooping on cross-border data." It said the bill is nearly identical to the US-UK Agreement for stored data and that lawmakers failed to address privacy advocates' issues with it.

According to the EFF, the new set of rules includes a weak standard for review, grants real-time access to foreign law enforcement and doesn't place adequate limits on the severity of the crime it can apply to. Further, the privacy rules protecting data belonging to US citizens and lawful permanent residents don't apply to temporary visa holders and residents without documentation.

US tech companies can refuse to hand over data under the new regulations and can ask foreign countries seeking access to information to adhere to the older set of rules. They can do that, say, if they believe those nations want to use the info they have to crack down on journalists and opposing politicians. As ACLU legislative counsel Neema Singh Guliani said, though, that means the "public is going to be largely reliant on those companies."