Following the invalidation of both the Safe Harbor and Privacy Shield frameworks by the EU Court of Justice, the EU and US announced a new political agreement on transatlantic data transfers. However, questions persist about whether this new framework represents a genuine improvement or merely another political arrangement destined to be struck down.

What the Framework Proposes

The new agreement introduces additional safeguards on the US side, including executive orders limiting intelligence agency surveillance of European data and establishing a redress mechanism for EU citizens. The European Commission would adopt an adequacy decision recognizing these protections as sufficient.

Why Skeptics Are Concerned

Privacy advocates point out that the framework relies heavily on executive orders, which can be revoked by future administrations. The redress mechanism, while novel, faces questions about its independence and effectiveness. The fundamental issue -- that US surveillance law allows broad collection of foreign data -- remains largely unchanged.

Historical Pattern

The Safe Harbor was invalidated in Schrems I (2015). The Privacy Shield was invalidated in Schrems II (2020). Privacy organization noyb has already signaled its intention to challenge any new framework. The pattern of political agreements followed by judicial invalidation suggests that the underlying legal conflict between US surveillance capabilities and EU privacy rights requires more fundamental resolution than diplomatic agreements can provide.

Practical Implications

Organizations should not treat the new framework as a permanent solution. Contingency planning for potential invalidation -- including evaluating EU-based alternatives for critical services -- remains prudent.