Schrems: EU Still Concerned Trump Could Reverse Data Privacy Framework
European privacy professionals remain concerned President Donald Trump could nullify the EU-U.S. Data Privacy Framework (DPF) by reversing former President Joe Biden’s executive order establishing the DPF, said Austrian activist and privacy attorney Max Schrems on Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Speaking on a Didomi livestream, Schrems said that when Trump took office, the EU-U.S. privacy compliance conversation shifted into a broader discussion about data transfers that could impact all sectors, given Trump’s proposal to acquire Greenland. There was a feeling Trump could “embargo Denmark overnight,” and companies like Google and Microsoft would be shut off from their customers in Denmark, he said.
It’s “not anything that’s likely to happen tomorrow, just to put it in perspective, but it became thinkable” when Trump took office, he said. “Like it used to be unthinkable. Now it’s a possibility that we cannot rule out, and it’s interesting that it goes beyond just privacy compliance. That goes toward still being able to operate your business,” he said, citing potential impacts on logistics related to shipping.
The DPF has always been a “house of cards,” and if Trump revoked the Biden EO, there would be no legal basis for data transfers between the EU and U.S., he said. “That’s a very interesting situation we’re in.”
Schrems said he has no imminent plans to challenge the DPF, as he successfully did with its predecessors the U.S.-EU Safe Harbor Framework and the EU-U.S. Privacy Shield Framework. He noted the Schrems II challenge cost about $11.6 million, and he was “personally liable.”
A legal challenge from French Parliament Member Philippe Latombe is currently pending, Schrems noted. Latombe is seeking annulment of the European Commission’s adequacy decision on the framework. The General Court of the European Union in September dismissed the challenge, upholding the DPF’s validity. Schrems said it’s unclear if Latombe will appeal to the European Court of Justice.
“It’s very hard to get a reference from any other court as long as there’s something pending at the Court of Justice,” he said. “We’re a bit worried because, after the first instance decision, it’s a bit of a dead horse.”
Schrems said he doesn’t believe Latombe has standing to bring the case, but there should be clarity on the potential appeal in the coming weeks.
Marie Fenner, global senior vice president for analytics at software vendor Piano, said EU entities remain focused on HIPAA compliance. She cited the 2023 warning letter from the FTC and Department of Health and Human Services' Office for Civil Rights regarding compliance related to online tracking technology. This concerns pixel tracking by Meta and Google data analytics tools, she said: “This is still very much a hot topic, and our clients are needing to do a lot of due diligence.”