Italy: Adopted Opinion On Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities

On 10 October 2022, the Italian Data Protection Authority (authority) issued an opinion on the US Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities. The Executive Order aims to implement the US-EU Trans-Atlantic Data Privacy Framework which would enable cross-border data transfers following the CJEU "Schrems II" ruling that invalidated the previous Privacy Shield. In the opinion, the authority explains that the Executive Order is only a first step in reaching an agreement and accordingly calls for caution in early judgements. The opinion then outlines the positive and negative elements of the Executive Order. Positive elements mentioned by the authority include the acceptance of European principles such as limitation, proportionality and minimisation. The main negative element is the legal nature of the Executive Order, rather than a law, since it can not modify the laws that caused the friction between the EU and the US. Finally, the opinion states that certain aspects of the Executive Order, especially the complaint mechanism, are to be clarified. In the opinion, the data protection authority questions whether an executive order is the most effective way to tackle a new data privacy framework, since it is not a parliamentary decision that can be made into a law. It remains a "simple" and "fast" regulatory response. The authority would like more clarification on the tangible paramters of the regulation and wonders how effective a US "special court" would be for EU citizens. Finally, the authority states that it remains a positive step in the right direction since the US is adopting European standards of privacy.