EU-U.S. Data Privacy Framework Survives European Court Challenge - Articles

Articles

Stay at the forefront of the consumer insights and analytics industry with our Thought Leadership content. Here you’ll find timely updates on the Insights Association’s advocacy efforts, including the latest legislative and regulatory developments that impact how we work. In addition, this section offers expert perspectives on innovative research techniques and methodologies, as well as valuable analysis of evolving consumer trends. Together, these insights provide a trusted resource for professionals looking to navigate change, elevate their practice, and shape the future of our industry.

EU-U.S. Data Privacy Framework Survives European Court Challenge

EU-U.S. Data Privacy Framework Survives European Court Challenge

The European Court of Justice (CJEU) recently dismissed a case brought against the new mechanism for trans-Atlantic data transfers, the EU-U.S. Data Privacy Framework (DPF). Insights work can continue unimpeded as a result.

On September 3, 2025, the CJEU dismissed the case of Latombe v. Commission, “an action for annulment of the new framework for the transfer of personal data between the European Union and the United States.” According to the court, the decision “confirms that, on the date of adoption” of the DPF on July 10, 2023, “the United States of America ensured an adequate level of protection for personal data transferred from the European Union to organisations in that country.”

Had the case moved forward, the DPF would have faced challenges and potential rejection, imperiling insights work, as happened with predecessor agreements (Privacy Shield and Safe Harbor).

A company's self-certification of compliance with the EU-U.S. DPF Principles through the U.S. Department of Commerce and appearance on the public Data Privacy Framework List maintained by Commerce demonstrates to European organizations and consumers a serious commitment on the part of the company to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse. Insights companies find this self-certification to be a less-burdensome alternative to the standard contractual clauses (or to no option at all) for legal trans-Atlantic data transfers.

While joining the Insights Association’s DPF Services Program (providing an independent dispute resolution) is voluntary, once an eligible company self-certifies its compliance and makes the public commitment to adhere to the DPF Principles, the commitment will become enforceable under U.S. law. Research and data analytics companies that participate in the Department of Commerce’s DPF Program are obligated to protect the personal data of Europeans received under the relevant part(s) of the DPF Program.

Not yet part of the Insights Association’s Data Privacy Framework program? Join today.

Bring your questions to Juliana Wood.

Related

Share

Login

Members only Article - Please login to view
  • Back to top