>There’s a new EU-US data framework that’s expected to be ratified within a year which should make EU-US transfers possible again under new guidelines.
Until it's struck down by the court again.
The agreement will not - it cannot - satisfy the requirements of the GDPR and CFR unless and until the US changes its law.
No. For one, even taken literally the way I wrote it it's about two different sets of people -- the EU must defend their citizens (and residents, BTW), of course!
For another, if one looks past my vague wording, the EU (or at least Germany, which I'm most familiar with) doesn't have the dogma that it's required to set up a world spanning total surveillance state, no compromises beyond the ones absolutely necessary with their own constitution (and even those are followed within a rather "liberal" framework for the three-letter-agencies: they do have all possible data they can get their hands on, just pinky-promise to not abuse it, if US citizens are impacted, in the eyes of secret courts).
EU does no require a warrant for taking of data from residents [0] by LE. There is little legal protection from LE in Europe, "law enforcement agencies can access the personal data of citizens of any country as long as they are involved in investigating crimes related to the European Union."
GDPR (and the national laws it replaced) does not exist in a vacuum, but is an implementation of ECHR art. 8, and CFREU art. 7 and 8. If it is changed, odds are it will become stronger, not weaker. And it is quite foolish to think the CFR will be changed to accommodate companies like Meta.
Until it's struck down by the court again.
The agreement will not - it cannot - satisfy the requirements of the GDPR and CFR unless and until the US changes its law.