Get featured

EU court upholds EU–US data transfer deal

EU court upholds EU–US data transfer deal

EU court upholds data transfer framework between Europe and US. The ruling rejected a legal challenge and confirmed that the framework’s safeguards are adequate, allowing businesses across sectors to continue transatlantic transfers with renewed certainty after years of disruption caused by previous court annulments of earlier agreements.

Europe’s General Court has upheld the European Commission’s decision approving the EU–US Data Privacy Framework, rejecting a challenge that sought its annulment.

The ruling, delivered on 3 September in Case T-553/23, confirms that the framework adopted in July 2023 provides an adequate level of protection for personal data transferred from the European Union to the United States. French MP Philippe Latombe, who filed the case, argued that US surveillance laws still allow disproportionate collection of European data and that the new US Data Protection Review Court lacked independence.

The General Court dismissed these claims. Judges found that the safeguards written into the framework — including judicial oversight mechanisms and redress for EU citizens — were sufficient under European law. The judgment means companies across sectors, from banking and technology to manufacturing, can continue transferring data legally under the scheme.

The framework replaced earlier mechanisms struck down by the Court of Justice of the EU: Safe Harbour in 2015 and Privacy Shield in 2020, both invalidated due to US intelligence practices. Businesses had faced years of uncertainty and relied on alternative contractual clauses to keep cross-border data flowing.

Industry groups welcomed the decision. The Information Technology Industry Council described it as a “landmark ruling” that restores legal certainty for cross-border transfers. The Business Software Alliance added that it provides stability and reassurance for businesses and consumers on both sides of the Atlantic.

Privacy campaigners, however, remain sceptical. Max Schrems of digital rights group NOYB said the case brought by Latombe was narrowly framed and that further legal action is likely. He argued the ruling diverges from earlier findings of the Court of Justice, which twice struck down transatlantic transfer frameworks on privacy grounds.

An appeal to the Court of Justice of the EU remains possible, leaving open the prospect of renewed scrutiny. For now, though, companies dependent on transatlantic data flows have been granted a measure of legal certainty.

BQ

Stories for you —

  • Confluent warns AI scale blocked by data

    Confluent warns AI scale blocked by data

    AI scale is being blocked by data infrastructure weakness. Confluent research finds 72% of global IT leaders say poor real-time data foundations are slowing AI growth, with agentic adoption particularly exposed.

  • DECTA finds payments gap among SMEs

    DECTA finds payments gap among SMEs

    SMEs want payment fundamentals fixed before more features arrive. DECTA research finds 40% of UK SME merchants feel underserved by payment providers, with security, settlement speed, transparency, and international payments among the main pressure points.

  • Business Stream reports charter progress

    Business Stream reports charter progress

    Water service is becoming an operational ESG issue. Business Stream says its Customer Care Charter has delivered service, satisfaction, water-efficiency, and emissions progress in its first annual report.