US Supreme Court Just Blew Up EU-US Data Transfers
The US Supreme Court's recent ruling has jeopardized the legal framework for EU-US data transfers, potentially affecting thousands of companies that rely on mechanisms like Privacy Shield and Standard Contractual Clauses to move personal data across the Atlantic.
Background
- The US Supreme Court rejected the long-standing "Chevron doctrine," which had required courts to defer to federal agencies' interpretations of ambiguous laws. Without it, US privacy safeguards that the EU relied on (like the Data Protection Framework) are far easier to challenge in court.
- This directly affects EU-US data transfers. European companies sending personal data to the US need a legal basis (e.g., "Standard Contractual Clauses" or the new "Data Privacy Framework"). If those US protections are now legally fragile, EU regulators may rule that transfers lack "essentially equivalent" protection—potentially blocking them.
- The non-profit organisation noyb.eu (led by privacy activist Max Schrems) has a long history of litigating EU-US data flows. They previously overturned the "Safe Harbor" and "Privacy Shield" agreements at the EU Court of Justice (the "Schrems I" and "Schrems II" rulings).
- This ruling does not change EU law directly, but it undermines the US legal commitments that the European Commission relied on when approving the current transfer framework, making a third challenge ("Schrems III") more likely to succeed.