Logo

Trump's blunt style makes data sharing impossible

From now on, the U.S. president can dismiss FTC regulators at will. This has major implications for the EU-U.S. data pact.

Published on July 6, 2026

trade war

Team IO+ selects and features the most important news stories on innovation and technology, carefully curated by our editors.

The legal basis for the exchange of personal data between the European Union and the United States is once again under fire. A recent ruling by the U.S. Supreme Court has, in one fell swoop, destroyed the independence of the Federal Trade Commission (FTC). The privacy organization NOYB is sounding the alarm, arguing that the current Data Privacy Framework (DPF) has become unusable. Companies that send data across the Atlantic on a daily basis must prepare for major legal storms.

The final blow to the Data Privacy Framework

With its ruling in the case of “Trump v. Slaughter,” the U.S. Supreme Court has planted a bomb under transatlantic data traffic. The case centers on the president’s authority to dismiss independent regulators. Previously, a president could only remove the commissioners of the Federal Trade Commission (FTC) for compelling reasons. The court has now completely overturned this historic precedent. This decision aligns with the so-called “Unitary Executive Theory.” This theory holds that the president must have absolute control over all executive government agencies. As a result, the U.S. president can dismiss regulators he disapproves of immediately and without giving any reasons. As a result, the FTC’s independence now exists only on paper. This has direct and far-reaching consequences for European citizens. Their personal data is now protected by a watchdog that is under the direct political control of the White House. Trump’s political style thus completely undermines the legal protection of Europeans.

Watt Matters in AI 2026

Why independent oversight is an absolute requirement

European privacy legislation imposes very strict requirements on the transfer of personal data to countries outside the European Union. According to the General Data Protection Regulation (GDPR), data may only be shared if there is an equivalent level of protection. A crucial part of this is the existence of a fully independent regulator. The European Court of Justice has repeatedly confirmed this in previous court cases. In 2023, the European Commission adopted the Data Privacy Framework (DPF). In this decision, the Commission referred no fewer than 259 times to the FTC as the independent watchdog responsible for enforcing the rules in the U.S. Now that this independence has been struck down by the Supreme Court, the DPF lacks its most important foundation. The privacy organization NOYB, led by activist Max Schrems, argues that this has effectively rendered the agreement unusable. Without independent oversight, there is simply no longer a valid legal basis for data transfers.

A history of shaky privacy agreements

This isn’t the first time that data sharing between the European Union and the United States has run into trouble. Two previous data agreements have already fallen through. First, the European Court of Justice declared the Safe Harbor agreement invalid in 2015. Five years later, its successor, the Privacy Shield, suffered the exact same fate in the well-known Schrems II case. In both cases, Austrian lawyer Max Schrems and his organization NOYB were the driving force behind the lawsuits. NOYB has been fighting for years against the unchecked surveillance by U.S. intelligence agencies. The organization argues that U.S. legislation, such as the infamous CLOUD Act and FISA Section 702, is fundamentally incompatible with European privacy rights. The 2023 Data Privacy Framework was a hastily reached political compromise. Critics warned at the time that the U.S. government refused to genuinely reform its intelligence agencies. The current crisis surrounding the FTC confirms that the transatlantic data flow is built on quicksand.

Political turmoil and the response from Brussels

The U.S. Supreme Court’s ruling is causing major political turmoil in Europe. In the Dutch House of Representatives, critical questions were immediately directed at the State Secretary for the Digital Economy. Members of Parliament want to know whether the Netherlands is prepared for a scenario in which data exchange with the U.S. comes to a complete standstill. The European Commission has announced that it is thoroughly reviewing the court’s ruling. A spokesperson stated that Brussels is examining the extent to which the ruling undermines the validity of the DPF adequacy decision. So far, no formal decision has been made to revoke the agreement. The Dutch Data Protection Authority (AP) and other European regulators have also not yet announced any immediate enforcement actions. This is because the DPF is still formally considered law until a court or the Commission officially declares it invalid. However, legal experts warn that this formal status may be very temporary and that pressure on Brussels is mounting rapidly.

What specific steps should companies take now?

Uncertain times lie ahead for companies that rely on U.S. cloud services. Although there is no immediate cause for panic, legal experts advise against passively waiting. Companies must immediately assess their data transfers and their reliance on U.S. software providers. It is wise to explore alternative legal instruments. For example, companies can use Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). But be aware: even these alternatives do not provide an automatic free pass. Companies must still conduct a rigorous risk analysis, known as a Transfer Impact Assessment (TIA). After all, the recent ruling by the U.S. Court has once again cast doubt on the effectiveness of legal protection in the U.S. The Data Protection Review Court (DPRC) is also under fire because it is an executive body under the U.S. Department of Justice. Companies would be wise to start looking for European alternatives for their cloud storage right away.