EU-US DPF Latest Developments Tracker
by Streamlex 6 March 2025
A continuously updated tracker summarizing the latest developments, including positions of the data protection authorities and EU institutions, on the future of the EU-US Data Privacy Framework (DPF) and any related regulatory challenges. Includes key takeaways for companies and direct links to official statements.
Backround
The EU-US Data Privacy Framework (EU-US DPF), adopted by the European Commission in July 2023, was long awaited by many EU businesses. It allows the EU companies to transfer personal data to US companies certified under EU-US DPF without requiring additional safeguards.
Issue
However, the EU-US DPF is coming under increased scrutiny primarily due to the political developments in the US (read more about the reasons for concern here and here), raising challenges about its long-term stability. Recent statements from the Nordic DPAs signal uncertainty over the longevity of the adequacy decision. If the decision is overturned, companies relying on it for data transfers may need to find alternative mechanisms.
EU-US DPF Latest Developments Tracker
Jurisdiction | Date | Institution | Development | TL;DR | Analysis |
|---|---|---|---|---|---|
EU | 1 April 2025 (coming up) | Court of Justice of the EU (CJEU) | Mr Latombe seeks annulment of the EU-US DPF alleging infringements of the Charter and GDPR. Mr Latombe's application for an interim relief was dismissed by the Court in 2023. | ||
Sweden | 5 March 2025 | Swedish DPA | The US adequacy decision is still in effect. However, it may be revoked or annulled by the Commission or CJEU if data protection is deemed inadequate. Companies must stay informed about US adequacy decision updates and be prepared to find alternative data transfer mechanisms if it is revoked. | ||
Norway | 26 February 2026 | Norwegian DPA | The EU-US DPF is still in effect, but the companies should prepare an exit strategy in case the adequacy decision is revoked, as there may be no transition period. | ||
EU | 5 February 2026 | Member of the European Parliament Raquel García Hermida-Van Der Walle (Renew) | MEP questioned the European Commission on U.S. data privacy policies, specifically PCLOB’s independence. She asked if the Commission would consider suspending the EU-US DPF until the board is fully independent. |
