Necessary Always Active
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
|
||||||
|
||||||
|
||||||
|
Published on
September 3, 2025
5 min read
EU Court Backs Data Transfer Deal, Strengthening EU-US Data Flows
According to Reuters, the European Union’s second-highest court approved on Wednesday a data transfer agreement between the EU and United States that was established two years ago. EU court backs data transfer deal replacing two earlier agreements that had been struck down by a superior court.
This decision will offer legal clarity to thousands of businesses, including banks, technology firms, pharmaceutical companies, and automotive manufacturers. Recently Toyota partnered with Nvidia to build next-generation cars. This movement of personal data between Europe and America for business operations like employee payroll management and cloud computing services.
Data Transfer Framework Europe-US
The data transfer framework Europe US endorsed by the court replaces two earlier arrangements that were invalidated by the Court of Justice of the European Union due to surveillance concerns. The General Court found that, at the time of adoption in 2023, United States law and redress mechanisms met the adequacy standard required for transfers. The judgment references oversight by the US Data Protection Review Court and confirms that signals intelligence activities are subject to ex post judicial review. The case is recorded as T 553/23, Latombe v Commission.
EU Court Approves US Data Transfer Framework
French lawmaker Philippe Latombe challenged the Commission’s decision, arguing that the agreement failed to guarantee respect for private and family life and that the review body lacked sufficient independence. judges dismissed the action and allowed the adequacy decision to stand. Latombe may still appeal to the Court of Justice of the European Union on points of law, which would prolong the legal process if pursued. The court’s press office also published a summary confirming dismissal of the annulment request.
“The General Court dismisses an action for annulment of the new framework for the transfer of personal data between the European Union and the United States,” the judgment stated, as per Reuters. “On the date of adoption of the contested decision, the United States of America ensured an adequate level of protection for personal data.”
“In the present case, it is apparent from the file that, under U.S. law, signals intelligence activities carried out by US intelligence agencies are subject to ex post judicial oversight by the DPRC,” they said, referring to the U.S. Data Protection Review Court. Earlier this year EU reviews US big tech probes amidst political pressure.
EU Data Framework
EU data framework offers operational clarity for organizations that transfer information for routine commercial purposes, including payroll processing and cloud workloads. Sectors most directly affected include the following:
• Banking and financial services that manage customer and employee data across regions.
• Technology providers operating cloud platforms and analytics services for European clients.
• Pharmaceutical and automotive manufacturers coordinating research, supply chains, and customer support.
Austrian privacy activist Max Schrems reiterated reservations about the framework’s durability, noting that a broader review of United States surveillance law could reach a different outcome in future cases.
Legal certainty for EU US data transfers
The Commission’s adequacy decision remains in force, and the court’s reasoning affirms reliance on the framework for transfers to participating United States organizations. Companies should continue documenting transfer impact assessments, standard operational safeguards, and vendor due diligence while monitoring any appeal to the Court of Justice of the European Union.
