Basically, don’t carry data with you. Leave it all in the cloud. You can’t be compelled to provide the password for a service which contains data that is not on the device.
I posted basically this elsewhere on this thread, but:
1. Make sure it's a cloud service that you trust (i.e. audited, self-hosted and you know what you're doing etc.), since they'll probably keep the data on it forever, regardless of whether you delete it.
2. They will eventually ask for your password for that cloud service and download the data from it. For the truly paranoid (which is increasingly coming to resemble "people who care about security at all", sadly), use a cloud service with a duress code https://en.wikipedia.org/wiki/Duress_code. Returning fake data with a duress response can get you through security quickly if the people searching your data don't identify it as fake. Otherwise, the response of "I just gave a duress response and was permanently locked out until I personally visit the agency holding it in $my_country_of_origin and re-authenticate" may have a slightly higher success rate of getting you through security than refusing to surrender passwords. But then you don't get access to your data until you do that. There's always the "inconvenience" bluff-call option of "after I gave the duress response, I won't have access to my data for a week", but depending on how petty/suspicious the officers are that can be equivalent to asking for a week's detention.
