Max Schrems and NOYB criticise court decision on EU-US data transfer deal
After the General Court dismissed a challenge to the EU-US data transfer deal, Max Schrems and his group NOYB warned that the agreement is little more than a repeat of past unlawful frameworks.
Privacy activist Max Schrems and his organisation NOYB (None Of Your Business) have sharply criticised the EU’s General Court after it dismissed a challenge to the new EU-US Transatlantic Data Protection Framework. The case, brought by French parliamentarian Philippe Latombe, targeted the legality of the agreement but was rejected as too narrow.
Schrems: ‘A copy-paste of old, illegal deals’
Schrems, who successfully challenged earlier data transfer frameworks in the landmark ‘Schrems I’ and ‘Schrems II’ cases, said the General Court’s ruling departs from established case law and overlooks flaws in the new deal. According to him, the protections offered are nearly identical to the previous agreements that were already ruled unlawful by the Court of Justice of the EU (CJEU).
‘This was a rather narrow challenge. We are convinced that a broader review of US law – especially the use of Executive Orders by the Trump administration – should yield a different result,’ Schrems said. ‘While the Commission may have gained another year, we still lack any legal certainty for users and businesses.’
Doubts over us oversight body
A central point of criticism from Schrems and NOYB is the Data Protection Court of Review (DPCR), the US oversight mechanism meant to reassure Europeans. Schrems argued that this body’s independence rests solely on a presidential executive order, not on legislation. He warned that such arrangements are unstable and can be undone at any time.
He compared this situation to how the EU treats judicial independence within its own member states, noting the double standards:
‘We see Trump remove ‘independent’ heads of agencies like the FTC or Federal Reserve. It is very surprising that the EU Court would find an oversight body established only by executive order to be independent. Compared with EU cases on Poland or Hungary, it takes a lot of flexibility to accept this.’
Why it matters
For businesses, the ruling allows data transfers between the EU and US to continue for now. But for civil society and privacy advocates, Schrems’ critique highlights that the current framework may be built on shaky ground. If NOYB launches a broader case, it could again lead to the annulment of the agreement, leaving companies and users in a cycle of uncertainty.
