Get featured

EU court upholds EU–US data transfer deal

EU court upholds EU–US data transfer deal

EU court upholds data transfer framework between Europe and US. The ruling rejected a legal challenge and confirmed that the framework’s safeguards are adequate, allowing businesses across sectors to continue transatlantic transfers with renewed certainty after years of disruption caused by previous court annulments of earlier agreements.

Europe’s General Court has upheld the European Commission’s decision approving the EU–US Data Privacy Framework, rejecting a challenge that sought its annulment.

The ruling, delivered on 3 September in Case T-553/23, confirms that the framework adopted in July 2023 provides an adequate level of protection for personal data transferred from the European Union to the United States. French MP Philippe Latombe, who filed the case, argued that US surveillance laws still allow disproportionate collection of European data and that the new US Data Protection Review Court lacked independence.

The General Court dismissed these claims. Judges found that the safeguards written into the framework — including judicial oversight mechanisms and redress for EU citizens — were sufficient under European law. The judgment means companies across sectors, from banking and technology to manufacturing, can continue transferring data legally under the scheme.

The framework replaced earlier mechanisms struck down by the Court of Justice of the EU: Safe Harbour in 2015 and Privacy Shield in 2020, both invalidated due to US intelligence practices. Businesses had faced years of uncertainty and relied on alternative contractual clauses to keep cross-border data flowing.

Industry groups welcomed the decision. The Information Technology Industry Council described it as a “landmark ruling” that restores legal certainty for cross-border transfers. The Business Software Alliance added that it provides stability and reassurance for businesses and consumers on both sides of the Atlantic.

Privacy campaigners, however, remain sceptical. Max Schrems of digital rights group NOYB said the case brought by Latombe was narrowly framed and that further legal action is likely. He argued the ruling diverges from earlier findings of the Court of Justice, which twice struck down transatlantic transfer frameworks on privacy grounds.

An appeal to the Court of Justice of the EU remains possible, leaving open the prospect of renewed scrutiny. For now, though, companies dependent on transatlantic data flows have been granted a measure of legal certainty.

BQ

Stories for you —

  • SNG goes live with Workday platform

    SNG goes live with Workday platform

    SNG completes Workday rollout across core HR and finance operations. The housing association says the new platform gives more than 3,000 employees a unified digital foundation.

  • US M&A deals of the month: April 2026

    US M&A deals of the month: April 2026

    April’s biggest US deals rewarded scale, infrastructure, and specialist capability. From building-products distribution to satellite networks and biopharma pipelines, acquirers backed assets that could extend moats quickly and hold up in volatile markets.

  • Opus Technology wins B Corp certification

    Opus Technology wins B Corp certification

    Opus Technology secures B Corp status after a three-year process. The certification adds formal external validation to its ESG programme across operations, people policies, and environmental management.