Germany: Adopted opinion on US Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities

On 26 October 2022, the data protection authority of the German region Baden-Wuerttemberg (authority), issued an opinion on the US Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities. The Executive Order aims to implement the US-EU Trans-Atlantic Data Privacy Framework, which would enable cross-border data transfers following the CJEU "Schrems II" ruling that invalidated the previous Privacy Shield. In the opinion, the authority welcomes the Executive Order as a step in the right direction but raises several issues to be considered by European authorities. Firstly, the authority questions whether an Executive Order is the right legal instrument since it is an internal direction for governmental organisations, not a law having undergone the parliamentary process. In addition, it is not clear how the Executive Order would interact with existing laws such as the CLOUD Act. Furthermore, the opinion questions the ability to pursue legal action by EU citizens, since an Executive Order does not grant legal rights to EU citizens. Finally, the opinion scrutinises the complaint mechanism detailed in the Executive Order, raising three issues: Complaints must meet unclear standards, complainants only get limited information and the Data Protection Review Court may not be independent.