The future of the EU-US Data Privacy Framework—a key agreement allowing data transfers between Europe and the United States is once again facing uncertainty.
Germany’s Interior Ministry has raised concerns about the stability of the agreement. These concerns come now that President Donald Trump is back in office. The ministry is worried about the direction of data privacy under President Trump’s administration. Officials fear that his government could review or even repeal the current data transfer agreement. This agreement was originally based on commitments made by former President Joe Biden through an executive order.
The German ministry told newspaper Handelsblatt that “legally secure” data transfers are of “great importance” to the German economy. Many German companies rely heavily on US-based cloud providers for their daily operations. These include major services like Amazon Web Services, Microsoft, and Google.
Why This Agreement Matters?
The EU-US Data Privacy Framework was adopted by the European Commission in 2023. It officially declared that transferring personal data between the EU and the US is safe and legally valid. This decision was based on the privacy safeguards promised by the Biden administration.
But the framework has already faced legal pushback. Just two months after it was put in place, French politician Philippe Latombe filed a case before the European Court of Justice (ECJ), challenging the agreement. A court hearing was held earlier this month, and a ruling is expected in the future.
This is not the first time an EU-US data deal has been under fire. Past frameworks like Privacy Shield and Safe Harbor were both struck down by the ECJ, which ruled that US privacy laws did not do enough to stop national security agencies from accessing personal data.
What If the Framework Gets Overturned?
If the agreement is repealed or invalidated by the court, companies will have to fall back on standard contractual clauses (SCCs) for cross-border data transfers. Furthermore, these legal tools require approval from national data protection authorities, making them slow and more complex to implement.
Privacy advocacy group NOYB told Euronews that the European Commission “has always relied on a mosaic-puzzle approach” to justify the adequacy of US data protections. They also added that many companies are “thinking massively about hosting in Europe and finding alternatives.”
What Happens Next?
The EU plans to review the agreement regularly. If at any point it believes the US no longer guarantees adequate privacy protections, the Commission can suspend, modify, or cancel the deal.
With Donald Trump now in office and questions being raised about his administration’s stance on data privacy. Furthermore, businesses on both sides of the Atlantic are watching closely. The stakes are high, especially for companies that rely heavily on international data transfers and cloud services.
