[German]I see dark clouds looming for data transfer from European organizations to the US cloud? Donald Trump's presidential order also puts the axe to the EU Commission's adequacy decision, which is the basis for the use of the US cloud in Europe. The possibility of the European Court (ECJ )overturning the agreement has risen sharply.
Advertising
What we are talking about
Under US President Biden, the Transatlantic Data Privacy Framework (TADPF) was established with the EU Commission. I gave an outline in 2023 in the German article Datenaustausch mit den USA per EU-U.S. Data Privacy Framework, eine Bestandsaufnahme (Data exchange with the USA via the EU-U.S. Data Privacy Framework). On the basis of this "Transatlantic Data Privacy Framework" (TADPF), the EU Commission adopted an adequacy decision, which certifies an equivalent level of data protection in the USA as in the European Union.
I reported on this in the article European Commission adopts adequacy decision for EU-U.S. Data Privacy Framework and also addressed the doubts of data protection experts that this decision will stand up before the European Court of Justice (ECJ).
However, the fact is that there is an adequacy decision on the Transatlantic Data Privacy Framework (TADPF) from the EU Commission and there is still no ruling from the European Court of Justice (ECJ).
This legal framework therefore enables European companies to process data that then ends up in the cloud solutions of US companies. It does not matter legally whether their servers are located in the EU, as the US Cloud Act stipulates that US authorities have access to the companies' data at all locations.
Donald Trump has been axing things
Since January 20, 2025, Donald Trump has been President of the USA and has rescinded a number of his predecessor's executive orders. This also appears to have an impact on the Transatlantic Data Privacy Framework (TADPF) adopted by Joe Biden.
Advertising
If the (in my view already weak) level of protection guaranteed in the Transatlantic Data Privacy Framework (TADPF) falls, the EU Commission's adequacy decision on the Transatlantic Data Privacy Framework (TADPF) will no longer have any basis.
Austrian data protection activist Max Schrems from noyb raised the question of whether the US cloud will soon be illegal and goes into more detail in the article US Cloud soon illegal? Trump punches first hole in EU-US Data Deal (thanks to the reader for pointing this out).
According to Schrems, the Privacy and Civil Liberties Oversight Board (PCLOB) is the main US oversight authority for US company surveillance laws on this privacy issue.
The European Union has relied on these US tribunals in its adequacy decision, claiming that the US thus provides "adequate" protection of personal data.
According to US reports in the New York Times, Democratic PCLOB members were asked to resign from their positions on the (officially "independent") agency by Friday evening. This would bring the number of appointed members below the threshold required for the PCLOB to operate, writes noyb.
However, this approach calls into question the independence of many other executive tribunals in the USA. However, this puts the EU Commission's EU adequacy decision in serious jeopardy, as its basis is currently being pulverized. This is because the EU Commission – with reference to the PCLOB and other tribunals – is allowing the unhindered flow of personal data from Europe to the USA as part of the Transatlantic Data Privacy Framework (TADPF).
In other words, the legally secure use of the US cloud has become a little less secure for European companies. The linked noyb article outlines the looming disaster. Actions are pending before the ECJ and the chances that this adequacy decision will also be overturned due to a lack of basis have increased. Then the big catcalls regarding the use of Microsoft 365, Delos Cloud etc. will start.
Advertising