US Supreme Court Ends The Pretence of The EU – US Data Privacy Framework

European Data Protection makes it illegal to transfer person identifiable data to outside the EU. Unless there is equivalence in data protection, or an agreement with guarantees and oversight deemed adequate. For the USA this is the EU-US Data Privacy Framework (DPF). This framework depends on the existence of the independent oversight body FTC, and the Data Protection Review Court (DPRC) which serves as redress mechanism. The arrangement is in place since 2023. Earlier agreements, the Safe Harbor Agreement (until 2015) and the Privacy Shield Agreement (until 2020), both were struck down in European courts as inadequate (the Schrems I and Schrems II cases). The DPF always has been a sham. Because in reality it was clear that there was no practical adequacy in any way, let alone that it could be properly enforced. “But there’s independent oversight! The FTC!” has been used as plausible reason to change nothing in practice. Notions of data protection in the USA never aligned with the…