Get featured

EU court upholds EU–US data transfer deal

EU court upholds EU–US data transfer deal

EU court upholds data transfer framework between Europe and US. The ruling rejected a legal challenge and confirmed that the framework’s safeguards are adequate, allowing businesses across sectors to continue transatlantic transfers with renewed certainty after years of disruption caused by previous court annulments of earlier agreements.

Europe’s General Court has upheld the European Commission’s decision approving the EU–US Data Privacy Framework, rejecting a challenge that sought its annulment.

The ruling, delivered on 3 September in Case T-553/23, confirms that the framework adopted in July 2023 provides an adequate level of protection for personal data transferred from the European Union to the United States. French MP Philippe Latombe, who filed the case, argued that US surveillance laws still allow disproportionate collection of European data and that the new US Data Protection Review Court lacked independence.

The General Court dismissed these claims. Judges found that the safeguards written into the framework — including judicial oversight mechanisms and redress for EU citizens — were sufficient under European law. The judgment means companies across sectors, from banking and technology to manufacturing, can continue transferring data legally under the scheme.

The framework replaced earlier mechanisms struck down by the Court of Justice of the EU: Safe Harbour in 2015 and Privacy Shield in 2020, both invalidated due to US intelligence practices. Businesses had faced years of uncertainty and relied on alternative contractual clauses to keep cross-border data flowing.

Industry groups welcomed the decision. The Information Technology Industry Council described it as a “landmark ruling” that restores legal certainty for cross-border transfers. The Business Software Alliance added that it provides stability and reassurance for businesses and consumers on both sides of the Atlantic.

Privacy campaigners, however, remain sceptical. Max Schrems of digital rights group NOYB said the case brought by Latombe was narrowly framed and that further legal action is likely. He argued the ruling diverges from earlier findings of the Court of Justice, which twice struck down transatlantic transfer frameworks on privacy grounds.

An appeal to the Court of Justice of the EU remains possible, leaving open the prospect of renewed scrutiny. For now, though, companies dependent on transatlantic data flows have been granted a measure of legal certainty.

BQ

Stories for you

  • Brineworks secures m for DAC expansion

    Brineworks secures $8m for DAC expansion

    Brineworks secures €6.8 million funding to advance low-cost DAC technology. The Amsterdam-based startup aims to develop affordable carbon capture and clean fuel production technologies, targeting sub-$100/ton CO2 capture with its innovative electrolyzer system. The company plans to achieve commercial readiness by 2026….

  • Brineworks secures m for DAC expansion

    DHL and Hapag-Lloyd commit to green shipping

    DHL and Hapag-Lloyd partner for sustainable marine fuel use. The new agreement aims to reduce Scope 3 emissions through sustainable marine fuels in Hapag-Lloyd’s fleet, using a book and claim mechanism that decouples decarbonisation from physical transportation….

  • Survey: one in seven women face workplace harassment

    Survey: one in seven women face workplace harassment

    Over a quarter of women face workplace harassment in the UK. WalkSafe’s data highlights persistent harassment issues, with 27% of women and 16% of men affected. Many employees believe companies should enhance safety measures, valuing anonymous reporting systems.