In a digital economy reliant on well guarded data, the protection and the free mobility of data within the border of one country and to other country are becoming more and more challenging.
Over years, the European Union and the United States have been structured around legal pillars that allowData flowing across the Atlantic with smoothness and safety of the enterprise and the large companies.
However, with privacy shield and others, which is the basic agreement between EU and US to protect personal data, legal and political developments could weaken this fragile balance which may present major companies with legal challenges to slow down data’s flow and influence digital economy between the two sides.
From Privacy Shield to an Uncertain Future Under Trump
The Privacy Shield has been the legal framework governing transfers of the data from the European Union to the United States for years, but has been subject to legal challenges and those have raised questions as to how long it will remain sustainable.
Trump returns to the White House for a second term, and focus is now turning to the new framework to replace Privacy Shield, and what the next administration might do with it to match up with its new policies.
In 2017, Trump's administration held on to the Privacy Shield even as it put the law in place preventing data from flowing across the Atlantic which did not align with EU data protection laws, strengthening trade relations between the two sides.
Although Trump in both 2016 and 2024 promised to roll back his predecessors’ policies, “Privacy Shield” wasn’t one of them — perhaps because the Trump administration already knew it was an economically important pillar.
For its part, it is important to note that when Wilbur Ross became Secretary of Commerce in the Trump administration, and in 2017, the first day he was sworn in, he assumed a position stressing the need to ‘protect the ‘Privacy Shield’ based on Presidential Directive 28 (PPD-28), which was the directive from the Barack Obama administration that obliged US intelligence agencies to observe a restricted level of confidentiality of people outside US borders.
In terms of economics, it was more economical to retain the framework than to go through the process of scrapping it — where scrapping would have provided the EU with a cause for imposing trade restrictions on US companies which could affect exports.
However, this framework did not last long. The Privacy Shield was struck down by the European Court of Justice (CJEU) in July 2020 for failing to provide sufficient data protection in line with European law, specifically in view of US surveillance and fundamental rights of those that they affect.
Thus, in the Trump administration, the dawn of a new legal alternative for this decision came with negotiations, which continued on the part of the Biden administration until reaching a new framework based on Executive Order EO-14086 in 2023, in order to meet European requirements and keep transatlantic data transfers smooth.
Furthermore after the US elections, Project 2025 and the cancellation of executive orders...
Trump released a sweeping plan during his 2024 campaign to transform the federal government, on top of proposals to void several executive orders by Biden and offering a draft set of new orders, which are to be enacted once the new administration gets into power in 2025.
While last year’s Project 2025 report called for an immediate study, it did not ask that EO-14086 be rescinded or any of its provisions rescinded that might unreasonably hamper intelligence collection.
But the report also recognized the essential role it will play in guaranteeing the flow of the data as well as avoiding a legal challenge under the European Court of Justice.
Dismissals at the Privacy Council: Redirection or Politicization?
There was a series of dismissals between a controversial executive orders and the sort of documents that seemed so imprecise that some simply wondered whether lawmakers could have used artificial intelligence to write them, that had the potential to bear enormous consequences for the stability of the agreements overseeing data transfers between the European Union and the United States.
In his second term, Trump broke from precedent when, on January 27, he fired several longtime directors of the Privacy and Civil Liberties Oversight Board, an independent agency designed to protect those in privacy and civil liberties when laws are written and enforced: Sharon Bradford Franklin, Ed Felten, and Travis Leblanc.
As my three belong to the Democratic camp, this is part of the new administration's politics to change the course of the ship at the institutions responsible for the work of the government and the oversight of their transparency, according to the report of the Independent newspaper.
These political interventions, according to the same source, adequately raise questions about the independence of the Privacy and Civil Liberties Oversight Board that leads to deep reflections around the protec effect of these decisions for international agreements, especially in the eyes of the European Union.
This Board is fully independent, which is one of this pillar of the Transatlantic Data Privacy Framework (TADPF) governing the transfer of personal data about EU citizens and their interactions with companies based in the United States.
The Council is a fundamental oversight mechanism to conduct that the data is not exploited by the US government against citizens in the European Union, and this framework is committed to providing adequate protection of citizens’ personal data that is transferred to the US under European standards of protection.
Despite the criticism of the stability of this framework, it is a vital part of the business continuity in the global digital economy, where the cloud computing and digital technology increasingly become important.
The same newspaper quoted such a council, however, as saying that politicizing this council may threaten the stability of the fragile diplomatic foundations on which this agreement is based.
Executive Order 14086 and the Importance of Its Continuity
Lawfare, as reported, the next administration should not cancel Executive Order 14086, which was deliberately crafted in compliance with basic privacy protection under European law while maintaining the legal and constitutional framework of the United States.
What this does not fundamentally change is intelligence gathering methods, it simply codifies and clarifies long term practices developed across successive administrations.
The 2025 Project, as it acknowledges, will continue to face an inevitable legal challenge before the European Court of Justice and any substantive changes to Executive Order 14086 will carry significant risk that the framework will become legally unstable, undermining stability in the U.S. digital economy by reverting commercial data flows back to legal chaos.
Legal Challenges Related to Executive Order 14086 and Its Impact on Data Transfer
Although Executive Order 14086 appears to be conceived to employ a review mechanism, which may face legal conflicts in the internal United States, new Justice Department officials could quibble with that review mechanism.
Notably, the nonconsensual appointments of the Court of Review judges in this context are made on the same legal basis as were the appointments of special counsels, like Jack Smith whose appointment Justice Elon Cannon ruled unconstitutional but which has now been challenged in appeal.
Prior to becoming a potential Trump administration Attorney General, giving her authority to appoint review court judges, Bogdi supported the decision in a memo to the America First Policy Institute.
Even though these cases are mired in legal controversy, DPT judges work part time and lack the power to review individual cases without long and lasting impact on surveillance operations, compared with special counsels who oversee long, ongoing investigations.
Yet the review court will be crucial in assuring the EU that US nationality security issues will be subject to a quasi judicial review after the demise of the Privacy Shield.
Data protection standards compliance too is the forth requirement given by Executive Order 14086 and it is similar to 2015 US law, providing the US administration with a major bargaining chip.
So far, Court of Review has not heard cases yet, but there is an expectation that European scrutiny will continue and that new cases may, in the future, be brought to the Court of Review.
But because removing the grievance mechanism also deters the influx of trade data and economic ties with Europe, the executive order does not allow overreach in monitoring unless the European Court of Justice overthrows it, which forces renegotiation.
Data restrictions put pressure on companies.. How do data policies threaten digital investments?
According to the Laufer report, the impact of disrupting the data privacy framework would include damaging data flows essential to transatlantic trade and to the businesses and consumers of both the United States and Europe.
What I would mention here is that there are now more than 2,800 companies certified under this framework, which exceeds the number of companies that were covered under the “Privacy Shield” (which also includes such companies as “Google” and “Microsoft” or such institutions as financial services and tourism retail upon which serve the main American exports).
Smooth data flow itself is the lifeblood of big tech companies: big tech companies need to keep the data moving between the United States and Europe to offer their services across the Atlantic, or indeed, expand their operations into new markets.
The Independent report in the same context also stated that government agencies, schools, health institutions or any other public body may be forced to suddenly cease providing digital information, thus blocking the taking benefit of cloud services offered by Amazon Web Services (AWS), Google, Microsoft and similar entities.
More administrative uncertainty will be imposed on private companies which results in additional bureaucratic burdens which will come into play in their operational strategies.
The digital economy in the 2025 test.. Will the law settle its battle soon?
While the legal and political debate surrounding what may happen to the data that the United States will share with the European Union seems far from over, 2025 may precipitate a time that will shape the way forward.
Current agreements will either continue as is or they will be challenged legally and might cause the digital world to return to uncertainty.
Businesses face significant risks in their ability to adjust to privacy policy changes because of ongoing political development which includes potential alterations of EO-14086 and more decisions Trump may make.
Companies will encounter legal uncertainty which endangers secure data cross-border operation when executive orders either become modified or face suspension status.
Continued development in cloud computing and business intelligence creates pressure on European Union and United States partnership for technology and digital service cooperation since the emerging solutions may necessitate mutually agreed-upon terms that preserve the digital economy's operational dynamics.
The dominant players of transatlantic data movement face an open question about sustaining mutual trust while developing new solutions since political-legal shifts could potentially lead to substantial flow limitations and digital innovation disruption.
