The European Union’s General Court has upheld the EU–US Data Privacy Framework, rejecting a legal challenge that sought to overturn the pact governing the flow of personal data across the Atlantic.
Adopted in 2023, the framework is the EU’s third attempt to establish a legally sound system for data transfers to the United States, following the collapse of its predecessors — Safe Harbor and Privacy Shield — after successful legal challenges by Austrian privacy activist Max Schrems.
In its ruling, the Luxembourg-based court concluded that, at the time of adoption, the United States provided an “adequate level of protection” for EU citizens’ personal data transferred to US-based organisations.
The challenge was brought by Philippe Latombe, a centrist French lawmaker, who argued that the framework failed to fully comply with EU privacy standards and criticised the practice of US intelligence agencies collecting bulk data in transit. But the court dismissed his arguments in full, stating it “dismisses the action in its entirety.”
Business groups had warned that a victory for Latombe could unleash another round of prolonged legal uncertainty. The ruling was therefore greeted with relief by industry players.
The Business Software Alliance (BSA), a US-based tech lobby group, welcomed the decision, saying: “This outcome provides stability and reassurance for businesses and consumers on both sides of the Atlantic who rely every day on trusted cross-border data flows.”
The judgment represents a major boost for transatlantic digital commerce, offering much-needed stability in one of the world’s most consequential data-sharing arrangements.
About the Author
