The impact of the Trump administration on international data transfers

The early actions of the Trump administration have already raised concerns about the future of international data flows. While there has been no immediate legal upheaval, recent executive orders signal a potential dismantling of the established EU-US Data Privacy Framework (DPF) that has enabled transatlantic data transfers, a framework increasingly relied upon not only by tech giants, but also by research institutions, clinical trial networks and hospital systems that rely on secure data exchanges.

Forged after hard-fought negotiations that followed setbacks with mechanisms such as Safe Harbor and Privacy Shield, the DPF now appears vulnerable under President Trump's leadership. A major red flag is the series of executive orders issued in the early days of the Trump administration. These orders aim to reverse the policies of the previous administration and signal a new emphasis on domestic priorities, in particular national security and economic sovereignty. In this context, European privacy advocates have warned that a weakening of US safeguards could trigger a domino effect, forcing the European Commission to reassess the applicable adequacy decision that underpins international personal data transfers to the US, a situation that could have a ripple effect on data sharing practices critical to laboratories and multi-centre clinical trials.

If the worst-case scenario unfolds and the DPF collapses, the consequences would be swift and severe. Without the Framework's guarantee of an adequate level of protection —as required by the General Data Protection Regulation (GDPR)— organisations could find themselves in a legal limbo. In such a scenario, companies, as well as hospitals handling sensitive patient data and laboratories managing critical research information, may have no choice but to revert to alternative mechanisms, in particular Standard Contractual Clauses (SCCs). This re-adoption of the SCCs would mirror the disruption experienced after the collapse of the Privacy Shield, requiring organisations to reconfigure their data transfer practices.

Looking ahead, the evolution of international data transfers under the Trump administration will depend on the ability of US regulators to balance domestic priorities with international obligations. Both US and European authorities will need to engage in proactive dialogue to update and refine legal instruments, ensuring that they remain fit for purpose in a rapidly changing digital landscape. Failure to strike this balance could force organisations to revert to a patchwork of legal instruments, with SCCs playing a central —and often cumbersome— role.

Despite the gloomy outlook, there are advocates on both sides of the Atlantic who support a balanced approach to data governance. They argue that while national security is undeniably important, it should not come at the expense of the openness that drives global innovation in sectors as critical as life sciences. In this view, the protection of personal data —including sensitive information used in medical research and hospital operations— should be based on realistic risk assessments and proportionate safeguards, rather than absolute bans that lead to digital isolation. Enhanced international cooperation and dialogue are essential if we are to avoid a fragmented digital future that could hinder collaborative breakthroughs in clinical research and laboratory-based innovation.