On January 27, 2025, the White House announced the removal of Democratic members from the Privacy and Civil Liberties Oversight Board (PCLOB), an independent agency responsible for ensuring transparency and accountability in U.S. surveillance practices. The dismissal of these members, including the Chair, has left PCLOB without a quorum, hindering its ability to take formal action.
Department of Government Efficiency (DOGE), led by Elon Musk, had been granted increased access to sensitive government databases.[1]
These developments, among others, have intensified scrutiny over data security and oversight within the U.S. government, raising alarm among EU policymakers regarding potential risks to European citizens’ personal data.
With transatlantic data transfers already under a fragile truce, these latest developments could be the spark that reignites a regulatory firestorm.
The EU’s cyclical approach to transatlantic Data Transfers
Transatlantic data transfers have historically been a recurring issue for EU regulators—rising and falling in priority depending on political and legal developments. In recent months, the focus had shifted toward broader digital sovereignty concerns, particularly through initiatives like the European Cloud Certification Scheme (EUCS). However, the Trump administration’s return to power signals a sharp turn back toward more aggressive scrutiny, reviving questions about the reliability of U.S. safeguards.
European Parliament’s response to U.S. oversight changes
On February 5, 2025, MEP Raquel García Hermida-Van Der Walle submitted a formal parliamentary inquiry addressing U.S. data privacy policies. She questioned whether the European Commission acknowledges the concerns surrounding PCLOB’s independence and whether it would consider suspending the 2023 adequacy decision for data transfers from the EU to the US (the EU-US Data Privacy Framework) until the board is fully reinstated as an independent body.
The PCLOB plays a crucial role in overseeing U.S. intelligence agencies, especially those operating under the Foreign Intelligence Surveillance Act (FISA) Section 702. Its independence was a central pillar of the European Commission’s adequacy decision, and its current paralysis could force European regulators to reconsider whether U.S. safeguards remain ‘essentially equivalent’ to EU standards. With its effectiveness now in doubt, European authorities could reassess whether U.S. data protection mechanisms remain reliable.
The Chair of the Committee on Civil Liberties, Justice, and Home Affairs (LIBE), Javier Zarzalejos urged the Commission to clarify whether these U.S. o
