Shutterstock
Background information

FTC under Trump’s control: is European data at risk?

Florian Bodoky
2.7.2026
Translation: Jessica Johnson-Ferguson

A court ruling on the Federal Trade Commission (FTC) risks undermining the agreement on EU–US data transfers. Data protection advocates warn that if the regulator is no longer independent, the legal basis for these transfers will be on shaky ground.

Data transfers between Europe and the US are coming under scrutiny from data protection authorities. The trigger for this is a ruling by the US Supreme Court in the case of Trump vs Slaughter, which has significantly expanded the president’s influence over the FTC. This could have serious consequences for the current EU–US data transfer framework, as the European Commission explicitly requires the FTC to be independent. That independence is now in doubt due to the influence the Supreme Court has granted the President of the United States.

What’s this case about?

In March 2025, Donald Trump fired FTC commissioner Rebecca Slaughter along with one of her colleagues. Under the FTC Act, this would normally be permitted only if there’s been a serious neglect of duty or misconduct in office, as is stated in the opening paragraph of the 1935 Federal Trade Commission Act (FTC Act). However, this didn’t apply in the case of Slaughter’s dismissal. Trump merely said that Slaughter’s work was «inconsistent with the administration’s priorities.» Slaughter, however, suspected that the real reason was her membership of the Democratic Party. The District Court initially ruled in her favour.

However, after the Trump administration appealed the ruling to the Supreme Court, the tide turned and the Supreme Court issued a ruling in the administration’s favour. The Court held that the 1935 provision no longer applies in its current form, because FTC commissioners exercise «executive power», which puts them under presidential authority. Consequently, Congress may not prevent the president from removing agency heads at will. The ruling strengthens the president’s power over independent agencies.

How this affects EU–US data transfer

Since 2023, the EU–US Data Privacy Framework (DPF) has governed the transfer of personal data between companies on both sides of the Atlantic. It’s intended to enable European companies to lawfully transfer data to US service providers – such as Cloud providers or other tech companies. The European Commission approved the agreement based on an adequacy decision (page in German). One of the requirements is that the US provides data protection that’s essentially equivalent to that in the EU. So if a big tech company, such as Meta or Microsoft, breaches the DPF’s rules, the FTC is expected to take enforcement action.

Former FTC Commissioner Rebecca Slaughter lost the case.
Former FTC Commissioner Rebecca Slaughter lost the case.
Source: Wikimedia

According to data protection organisation Noyb, the US no longer fulfils this requirement following the ruling, as Trump’s potential influence puts European interests at risk.

US decisions already derailed earlier frameworks

The dispute over data transfers between Europe and the US isn’t new. The European Court of Justice already declared two previous frameworks invalid. In 2015, it overturned the Safe Harbor Agreement. Five years later, it also declared the successor Privacy Shield invalid. The decisive factors for the ruling were the US intelligence agencies’ surveillance powers and the lack of legal recourse for users in Europe. Noyb is now calling on the European Commission to withdraw the adequacy decision and prepare for new legal action.

What this means in concrete terms

Nothing will change immediately. The EU–US Data Privacy Framework remains in effect. For the time being, companies can continue to transfer personal data to the US and store it there, as they have done under the existing agreement. Here’s an example: KittyKat Ltd. based in Smalltown sells cat accessories. Customer Daniel E. purchases a scratching post, basket, bowls and a few other items from them. His personal data, including his address, order history, customer number and the like, are processed by KittyKat Ltd. who use Microsoft 365 and store it on OneDrive. This data is then stored on a Microsoft server in the US. If the European Court of Justice or the European Commission were to rule that the data transfer agreement no longer meets the requirements, Microsoft would have to present other legal and recognised safeguards. If not, KittyKat Ltd. would have to find alternative ways to process, transmit and store data – for example, in an EU member state. This would apply not only to the Cloud, but also to customer lists kept in Excel or e-mails transferred via Outlook. As long as this data is synchronised or processed by Microsoft services, this would affect the transfer of data to the US. Whether this will be the case remains to be seen.

What does Switzerland say?

According to Article 16, Paragraph 1 of the Data Protection Act, «data may be disclosed abroad if the legislation of the destination country guarantees an appropriate level of protection». This is the case in the countries listed here. Switzerland doesn’t generally consider the level of data protection in the US to be adequate.

That’s why there’s also been a Swiss–US Data Privacy Framework in place for two years. It’s closely modelled after the European Union’s. Swiss companies are only allowed to transmit personal data to the US without additional safeguards if the US company is certified in Switzerland under the provisions of the Framework. You can view these under the Data Privacy Framework List. The list includes big tech companies such as Google and Microsoft as well as small and medium-sized enterprises from the US. However, the Federal Council hasn’t yet commented on the ruling.

Header image: Shutterstock

18 people like this article


User Avatar
User Avatar

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue. 


Network
Follow topics and stay updated on your areas of interest

Computing
Follow topics and stay updated on your areas of interest

Background information

Interesting facts about products, behind-the-scenes looks at manufacturers and deep-dives on interesting people.

Show all

These articles might also interest you

12 comments

Avatar
later