EC, ICO Quiet on Musk Data Access; Danish Warn Future of EU-US Data Flow Pact Unclear

Asked if the fact that Americans' personal data is no longer secure has implications for data flows between the U.K. and U.S., the EC said it doesn't comment on such reports.

Meanwhile, the ICO said in an email: "As the UK’s data protection regulator, our role is to ensure that the personal data of people in the UK is protected. We encourage anyone with specific concerns to report them to us." It referred to its guide for international transfers.

In its statement, the Danish privacy watchdog urged Danish companies and other organizations to "make concrete plans on how they can free their operations from American cloud services such as Microsoft and Google."

The DPF allows European companies and organizations to use U.S. cloud services legally, the DPA said. "But with Trump as president, the future of the framework is uncertain. Trump threatens to review all of former President Joe Biden's national security decisions within the next 35 days, including the executive orders necessary for the framework's survival."

Even if Trump tears up Biden's order, that doesn't mean the DPF is automatically repealed, the DPA said. Only the EC can make that decision, but if a presidential order removes the basis of the data flow agreement, it will change the EC's assessment of the pact. The EC must then make a fresh assessment of protections for European citizens and, if necessary, revoke the U.S.'s adequacy decision.

If the DPC is thrown out, the Danish authority said, all businesses will have to find another way to transfer personal data to the U.S.