Trump’s Actions Could End EU US Data Transfers. What Every C-Level Executive Should Prioritize Now
What Happens If Trump Pulls the Plug on Transatlantic Data Transfers?
The Transatlantic Data Privacy Framework (TADPF), the legal backbone of EU to U.S. data transfers, exists solely because of a U.S. executive order. It can be revoked with a signature.
If Donald Trump decides to withdraw that order, the European Commission’s adequacy decision could collapse overnight. That would throw billions of euros in cloud-based services into legal limbo.
Hummam Wasfi, Founder and CEO, Art25 Consulting
Seventy percent of cloud services used by European businesses are U.S.-based. Without a valid transfer mechanism, companies could face
• GDPR non-compliance risks
• Operational disruptions
• Regulatory scrutiny
• Forced data repatriation
And let’s not forget. U.S. intelligence agencies still maintain broad surveillance powers with little recourse for EU citizens. That’s exactly why Privacy Shield was invalidated in Schrems II.
What Happened
In Schrems II (2020), the Court of Justice of the EU invalidated Privacy Shield, ruling that U.S. surveillance law failed to meet EU standards for privacy and redress.
In response, the Biden administration issued Executive Order 14086, which laid the foundation for the TADPF and the European Commission’s adequacy decision in July 2023.
But the framework relies entirely on that one executive order. It can be undone instantly.
What Trump Already Changed
In early 2025, Trump began dismantling oversight by removing privacy watchdogs from the Privacy and Civil Liberties Oversight Board. That board was central to monitoring intelligence practices under the TADPF.
With no functioning oversight and potential changes to surveillance safeguards, the EU’s adequacy decision is on unstable ground.
Source: NOYB – “Trump punches first hole in EU-US data deal”
What European Businesses Should Do
You can’t build your compliance strategy on unstable geopolitical ground. The time to act is now
+ Map your dependencies on U.S. cloud providers
+ Assess fallback transfer tools like SCCs, and their limitations
+ Strengthen regional cloud or hybrid data strategies
+ Prepare for audits, regulatory investigations, and customer impact
Need Support?
We support clients with Data Protection Gap Analyses and ongoing Part-Time DPO support to identify risks, close compliance gaps, and prepare for disruption.
Book a free advisory meeting here.
