Virtually every company today stores electronic data in “the cloud,” often using lower-cost, extraterritorial data-hosting locations overseas from their primary business operations. The physical location of the hardware on which data resides is not important.
Furthermore, it is often that companies do not consider it significant who possesses hardware. However, during a criminal investigation, considerations of data location, ownership and access are of first importance to regulators seeking access to that data.
Therefore, a clear data strategy is vital to any criminal investigations where data may reside in several jurisdictions.
FRA Director, Michael Trahar discusses this in his article: The CLOUD Act and potential data privacy conflicts in multi-jurisdictional investigations.