Jump to content

The US undermines the Transatlantic Data Privacy Framework with the EU by firing PCLOB staff

From Consumer Rights Wiki

At the end of January 2025, three staff members of the Privacy and Civil Liberties Oversight Board(PCLOB) were fired by the US president.[1] The EU-US Data Privacy Framework with the EU relies heavily on proper oversight from this board, which raises serious legal concerns on the EU-side for the agreement if the US board can no longer properly function.[2][3][4]

Background[edit | edit source]

The initial framework for EU-US data transfers was called Safe Harbor, which was deemed inadequate in 2015 by the European Court of Justice in the case Schrems I.[5][6] In 2016, the European Commission issued an adequacy decision on the EU-U.S. Privacy Shield Framework, making it the replacement of the Safe Harbor program.[6][7] In 2020, this framework is also deemed inadequate by the European Court of Justice in the case Schrems II.[8][9] Enhanced oversight was needed going forward, as compliance with European General Data Protection Regulation continued to be at risk with the frameworks so far. The Schrems II ruling validated the existing Standard Contractual Clauses(SCC's[10]), but added stricter requirements for implementation, significantly increasing oversight requirements to make transfer of personal data from the EU to the US lawful.[11] The current EU-US Data Privacy Framework (DPF) represents the third major attempt at establishing a stable transatlantic data transfer mechanism.

Consequences[edit | edit source]

Under the GDPR, personal data exported outside the EU must be protected with standards that are "essentially equivalent" to EU laws. This includes transparency, limited government access, and strong rights for individuals over their personal data.[12] If that cannot be guaranteed, using US companies for European software infrastructure is at risk as not being legal in the EU. That affects large cloud platforms like AWS, Azure, Google Cloud and other American cloud infrastructure.

References[edit | edit source]

  1. https://news.bloomberglaw.com/privacy-and-data-security/trump-terminates-trio-of-democrats-from-privacy-oversight-board
  2. https://noyb.eu/en/us-cloud-soon-illegal-trump-punches-first-hole-eu-us-data-deal
  3. https://www.lawfaremedia.org/article/trump-s-sacking-of-pclob-members-threatens-data-privacy
  4. https://www.politico.eu/article/usa-donald-trump-privacy-watchdog-dismantle-personal-data/
  5. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0362
  6. 6.0 6.1 https://www.ftc.gov/business-guidance/privacy-security/us-eu-safe-harbor-framework
  7. https://www.europarl.europa.eu/doceo/document/E-8-2016-006211-ASW_EN.pdf
  8. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311
  9. https://www.ftc.gov/business-guidance/privacy-security/privacy-shield
  10. https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
  11. https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf
  12. https://www.digitalsamba.com/blog/trump-presidency-threatens-the-stability-of-the-eu-us-data-transfer-agreement
Retrieved from "https://consumerrights.wiki/index.php?title=The_US_undermines_the_Transatlantic_Data_Privacy_Framework_with_the_EU_by_firing_PCLOB_staff&oldid=9340"