US ruling could shatter transatlantic data flow
A recent US court ruling in the case of In re: Google RTB has determined that Google's real-time bidding ad system violates data privacy laws, potentially upending the legal framework for transatlantic data transfers. The decision challenges the EU-US Data Privacy Framework and could have far-reaching implications for how personal data flows between Europe and the United States.
Background
- The article concerns a legal threat to the **EU-U.S. Data Privacy Framework (DPF)**, the 2023 agreement that lets companies legally transfer Europeans' personal data to the U.S. It replaced two earlier pacts (Safe Harbor and Privacy Shield) that were struck down by the European Court of Justice.
- The risk: U.S. President **Donald Trump** issued executive orders expanding surveillance powers and restricting data flows. If a court finds these undercut the privacy protections the DFP promised, the framework could be invalidated — again.
- Why it matters: Without a valid agreement, thousands of companies face a choice: halt transatlantic data transfers (disrupting cloud services, payroll, analytics) or risk massive fines under **GDPR**, Europe's strict privacy law.
- Key figure: **Max Schrems**, an Austrian activist who previously sued Meta/Facebook, winning court cases that killed the DPF's two predecessors. He is involved in this new challenge.