The move is the “first big political puncture” in a EU-U.S. pact to allow data to flow freely.
Donald Trump wants to oust three members of a national privacy watchdog that is a key part of Europeans’ privacy protections in the United States — spelling trouble for thousands of U.S. companies moving personal data out of Europe.
The U.S. White House told three Democratic-selected members of the Privacy and Civil Liberties Oversight Board to resign or be fired by the close of business on Thursday. The news was first reported by The New York Times and confirmed to POLITICO by an official close to the board.
The oversight board is tasked with overseeing U.S. surveillance practices and addressing complaints from Europeans about any misuse of their data. It’s a cornerstone of a data transfer agreement that Washington and Brussels struck in 2023 — after almost a decade of negotiations and court fights over data flows that at one point even included U.S. giant Meta threatening to pull its Facebook and Instagram services from Europe.
Big Tech giants and thousands of other companies use the European Union-U.S. data transfer agreement as a legal basis to transfer the personal information of Europeans to the U.S. Previous agreements were struck down in court in 2015 and 2020, each time leading to many months of corporate anxiety over whether U.S. firms could continue to conduct business as usual in Europe.
Uncertainty over the legal tool comes on top of already record-high tensions between Washington and Brussels over the EU’s tech regulations. Trump has lambasted EU tech and competition fines on U.S. tech giants in past weeks, and tech moguls Elon Musk and Mark Zuckerberg have come out swinging against laws including the Digital Services Act.
Trump’s power grab is the “first big political puncture to the foundations that have secured the [latest] data privacy framework,” said Joe Jones, a director at the International Association of Privacy Professionals.
PCLOB is “only one puzzle piece” allowing for smooth transatlantic data flows, Austrian privacy activist Max Schrems said in a statement. But, he added, the direction Trump is taking on privacy is “really not looking good” to reassure EU regulators that oversee how EU personal data flows to the U.S.
Schrems was behind the court cases that killed two previous data transfer deals, Privacy Shield and Safe Harbour, and that led to the creation of stronger protections under the current deal called the EU-U.S. Transatlantic Data Privacy Framework.
The European Commission has the power to suspend or invalidate these deals (formally known as “adequacy decisions”).
Commission spokesperson Markus Lammert told reporters on Thursday that the rules agreed with the U.S. “remain applicable irrespective of the members of the PCLOB.” He added that the Commission is continuously monitoring all adequacy decisions, including those on the U.S., and that it has “all the necessary tools in place to react to any possible developments.”
What would cause the EU to revise its decision is hard proof that the personal data of Europeans is no longer safe from blanket U.S. mass surveillance.
According to U.S. Senator Ron Wyden (D-Ore.), Trump’s crackdown on PCLOB is “kneecapping one of the only independent watchdogs over government surveillance who could alert Congress and the public about surveillance abuses by his administration.”
The board requires at least three members to perform its oversight duties. Experts are concerned that if the ousted members are not quickly replaced, it could affect the ability of the data privacy framework to function.
« A non-functioning PCLOB could undermine the Framework’s functioning and thus its adequacy and cause real headaches for companies like Google, Amazon and Meta that rely on it to transfer Europeans’ personal data to the U.S.,” said Jeramie Scott, director of the Electronic Privacy Information Center’s Project on Surveillance Oversight.
Oliver Süme, partner at Fieldfisher’s Hamburg office specializing in data protection, said the move is not necessarily an attack on the EU-U.S. framework. He said that as long as an executive order signed by former President Joe Biden to confirm the DPF agreement, as well as the European adequacy decision itself are in place, there is a legal ground for data transfers to the U.S. to continue.
This article has been updated.
