Microsoft Joins EU Court Case to Defend US-EU Privacy Rules
Microsoft will intervene in the EU court case challenging the EU-US Data Privacy Framework.
Why it matters: Legal and tech professionals rely on stable cross-border data flows for compliance and operations. Microsoft's involvement signals key legal stakes in data privacy laws affecting EU-US transfers.
- Microsoft authorized to intervene in Latombe v. Commission by the Court of Justice of the European Union (CJEU).
- The case contests the EU-US Data Privacy Framework adopted on July 10, 2023, which governs data transfers from the EU to U.S. firms.
- Framework limits U.S. intelligence access to EU data and creates a Data Protection Review Court for oversight.
- Microsoft warns that blocking data transfers would disrupt its services and those of enterprise customers worldwide.
Microsoft gained permission from the Court of Justice of the European Union (CJEU) to participate in Latombe v. Commission, a case questioning the EU-US Data Privacy Framework's legality. This framework controls data exchanges between EU entities and U.S. companies.
Adopted on July 10, 2023, the framework sets rules that allow data transfers while imposing clear limits on U.S. intelligence agencies’ access to personal data. U.S. access must be necessary and proportionate. The framework also established a new Data Protection Review Court to handle complaints and enforce protections.
Jon Palmer, Microsoft’s Chief Legal Officer, stated, "The court’s decision will impact whether Microsoft and its customers can continue transferring data under this framework." He added that secure data flows are essential for innovation and economic activity while respecting EU and U.S. privacy laws.
Microsoft cautions that if the court restricts data transfers, it would disrupt Microsoft’s and its customers’ operations globally. For legal departments and legal tech teams, this case highlights how regulatory decisions shape compliance strategies and operational risk management related to international data flows.
Independent privacy experts note that the case tests whether recent U.S. privacy assurances meet EU standards for protecting fundamental rights. Its outcome will influence the future of transatlantic data governance and cross-border business practices.
By the numbers:
- July 10, 2023 — Adoption date of the EU-US Data Privacy Framework
- One — The new Data Protection Review Court established for enforcement
- 2026-06-28 — Date Microsoft announced CJEU authorization to intervene
Yes, but: Some privacy advocates argue that the framework's safeguards, including the Data Protection Review Court, may not fully prevent overbroad U.S. intelligence access, keeping the legal outcome uncertain.
What's next: The CJEU will schedule hearings for the Latombe v. Commission case later in 2026, with a ruling expected to clarify the framework's future.