The EU-US Data Privacy Framework, signed in 2023 to enable transatlantic data flows, is facing increasing legal challenges and political friction that threaten its future. The agreement underpins $9.8 trillion in annual trade between the United States and European Union, but European privacy advocates argue that US data protection standards remain insufficiently robust compared to European regulations.
What happened
The framework was introduced to replace previous failed data transfer agreements by addressing concerns raised by European courts about US surveillance practices and privacy protections. It relies on a White House executive order that limits bulk data collection on non-US citizens and establishes a data protection review court under the US Department of Justice to provide Europeans with legal redress.
However, critics contend these measures fall short of the EU’s strict data protection standards. French politician Philippe Latombe, who unsuccessfully challenged the deal in European courts, continues to pursue an appeal expected to be heard by the end of 2026. Legal opponents highlight the executive order’s lack of legislative backing and the review court’s dependence on the US president’s authority to remove judges, undermining its independence.
Both sides of the Atlantic have become more guarded recently, with European officials concerned about the durability of US legal commitments amid ongoing political shifts. Privacy advocates worry that the Biden administration’s executive protections could be weakened by future US policy changes.
Why it matters
The agreement supports the free flow of data essential to business operations and economic relations between two of the world’s largest economies. Without a stable data transfer framework, thousands of companies face legal uncertainty that could disrupt trade and digital service provision. The European Court of Justice’s upcoming ruling on the framework’s validity will set a precedent for future transatlantic data governance and privacy enforcement.
This legal scrutiny also raises broader questions about how democratic countries can reconcile differing surveillance laws and privacy philosophies while maintaining international data flows vital to the digital economy.
Background
The EU-US Data Privacy Framework was created following the invalidation of two predecessor agreements by the European Court of Justice—in 2015 and 2020—due to concerns that US surveillance laws did not provide adequate protections for Europeans. Previous US administrations attempted to address these issues through executive actions, but recent geopolitical tensions and divergent legal standards have intensified scrutiny.
The framework’s reliance on executive orders rather than legislation has led to worries from European regulators about its longevity and reliability amid shifting US political landscapes. Austrian privacy advocate Max Schrems, whose legal challenges led to the prior frameworks’ collapse, has criticized the framework’s legal foundation and the independence of its enforcement mechanisms.
Sources
This article is based on reporting and publicly available information from the following source:
Read more World News stories on Goka World News.