The US Supreme Court's decision in Trump v. Slaughter has thrown the EU-US Data Privacy Framework into legal jeopardy. The court ruled that the Federal Trade Commission's independence violates the unitary executive theory, directly undermining the foundation that the European Commission relied upon for approving transatlantic data flows since 2000.

The European Commission explicitly cited the FTC's independence 259 times in its 2023 adequacy decision, believing this satisfied EU treaty requirements for independent data protection oversight. Privacy activist Max Schrems argues this creates a fundamental legal contradiction, since EU law demands truly independent authorities to protect personal data transferred to third countries.

Previous EU-US data agreements collapsed under similar legal challenges. The 'Schrems I' ruling killed Safe Harbour in 2015, while 'Schrems II' struck down Privacy Shield in 2020, both due to US surveillance laws and inadequate judicial remedies. The current framework largely copied these invalidated approaches despite known constitutional issues.

noyb has formally petitioned the European Commission to repeal the adequacy decision, though the ruling carries no immediate legal effect. Companies using Standard Contractual Clauses or Binding Corporate Rules may still face compliance challenges, as their impact assessments often rely on the same US executive bodies now deemed constitutionally compromised. Legal action before the European Court of Justice could take years to resolve.