US-EU Data Transfer Pact Under Threat Amid Oversight Crisis

Author: Chloe Nowak
Published: 2025-07-31 at 22:07
Category: Geopolitics
Language: English
Rate the article:
0
0
Keywords:
Datatransfers Privacy Eu Us Dpf Pclob Gdpr
Political interference at US privacy oversight board threatens EU-US data transfer pact, risking business chaos and potential framework invalidation. European authorities warn companies to prepare alternatives as Commission monitors situation closely.
us-eu-data-transfer-pact-threat

Transatlantic Data Framework Faces New Uncertainty

The EU-US Data Privacy Framework (DPF), established in 2023 to enable legal transatlantic data flows, faces renewed challenges following political turmoil at a key U.S. oversight body. The framework replaced the invalidated Privacy Shield after Europe's top court ruled previous agreements didn't adequately protect EU citizens from US surveillance programs.

Oversight Board Crisis

In January 2025, the Trump administration ordered all Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB) to resign. This independent body plays a critical role in the DPF by reviewing intelligence community compliance with privacy safeguards. With only one member remaining, the board cannot function - potentially violating a core requirement of the EU-US agreement.

"If the PCLOB is weakened or rendered non-functional, it undermines trust in the TDPF and the adequacy of protections for EU citizens' data transferred to the US," warned Silvia Lorenzo Perez of the Center for Democracy and Technology. The European Commission is actively monitoring the situation and may revoke the adequacy decision without transition period if safeguards aren't restored.

Business Implications

Over 5,000 companies rely on the DPF for transatlantic data transfers. If invalidated, U.S. tech giants could face operational chaos similar to the 2020 Privacy Shield collapse. Norway's Data Protection Authority already issued guidance in February 2025 warning organizations to prepare contingency plans. Alternatives like Standard Contractual Clauses come with higher compliance costs and legal uncertainties.

Joe Jones of the International Association of Privacy Professionals stated: "Prominent companies previously said without the framework they might have to pull out of Europe. That's how bad it could get." The data flow between the EU and US represents over half of Europe's global data transfers and nearly half of US global data flows.

Legal Challenges Loom

Privacy activist Max Schrems' organization NOYB has already announced plans to challenge the DPF before the European Court of Justice. Previous frameworks were struck down in the Schrems I (2015) and Schrems II (2020) rulings. European Parliament resolutions in May 2023 questioned whether the DPF provides essential equivalence in protection levels.

The Data Protection Review Court (DPRC) - established as part of the DPF - remains operational but lacks complementary oversight without the PCLOB. This comes amid broader concerns about FISA Section 702 surveillance authorities set to expire in April 2026.

Chloe Nowak
Chloe Nowak

Chloe Nowak is a Polish author examining youth identity and digital culture. Her work captures how technology shapes modern adolescence.

Read full bio →
Back to Home