President Donald Trump’s firing of the Federal Trade Commission’s (FTC) two Democratic commissioners last month may put the future of internet commerce and social media interactions between the U.S. and Europe at risk, internet policy experts say.
Last month, Trump removed Alvaro Bedoya and Rebecca Slaughter from the FTC, which traditionally has three majority-party commissioners and two minority members.
The firing jeopardizes a little-known but vital internet deal between the U.S. and Europe, the EU-US Data Privacy Framework, which allows companies to share and process consumer data across borders.
Should Trump’s firings stand up in court—a strong likelihood according to some regulatory experts—European courts may rule that the FTC is no longer an apolitical body and invalidate the agreement.
That outcome would be a major blow to the many small and large businesses that operate in Europe but use American cloud storage or internet services, potentially forcing them to split their platforms by continent and create two different versions of the same site.
Some companies and business groups are already making contingency plans, experts say.
U.S. and European officials have gone back and forth since at least 2000 on a legal framework to ensure American companies comply with EU data privacy laws when handling Europeans’ data, which have long been more stringent than lax U.S. regulations around big tech.
EU courts invalidated and tweaked agreements several times, but the U.S. and European authorities have settled on a system whereby American companies—both cloud giants like Amazon Web Services and smaller tech firms—certify their compliance with EU law.
The FTC is responsible for that enforcement, but that system only works if the FTC is independent.
In 2023, the European Commission issued a decision that foreign countries had to offer “an adequate level of protection” for consumer data and enforce compliance through an independent authority.
In finding the U.S. met that criteria, the EU cited the FTC’s bipartisan composition and the president’s narrow removal power for commissioners.
“In order to ensure that an adequate level of data protection is guaranteed in practice,” the Commission wrote, “an independent supervisory authority tasked with powers to monitor and enforce compliance with the data protection rules should be in place.”
But Trump’s apparent effort to make the commission less bipartisan and give himself unlimited power to fire commissioners likely means the U.S. no longer meets Europe’s “adequacy” threshold, said Berin Szóka, president of the nonpartisan think tank TechFreedom.
Trump did not offer an official explanation for the removals beyond a letter saying the commissioners’ work was “inconsistent with my administration’s priorities.”
The FTC’s charter requires that no more than three commissioners come from the same party, and a 3-2 split is the norm. But Trump can appoint friendlier Democrats or independents, or slowplay efforts to fill the two seats vacated by Bedoya and Slaughter—a drastic departure from how the commission has typically functioned.
Bedoya and Slaughter last week sued in a legal challenge that could rise to the Supreme Court, where justices will be forced to revisit the 1935 case Humphrey’s Executor v. United States. In that case, the Supreme Court restricted the president’s ability to fire officers from “quasi-legislative or quasi-judicial” agencies like the FTC since they don’t exercise executive branch power.
Experts are skeptical that the Humphrey’s decision will hold up in 2025.
“Today the FTC carries out executive function, and the Supreme Court has said so,” Josh Wright, a Republican former FTC commissioner, told the Daily Dot. “I’m very confident that the first time the Supreme Court gets a chance to apply on this issue, they will decide it in such a way that removes the firing protection.”
Szóka agreed, arguing in a lengthy thread on Bluesky that former FTC chair Lina Khan’s aggressiveness in issuing competition and consumer protection rules “undermined Humphrey’s” by making the FTC a de facto policymaking body and not an enforcement agency.
Beyond the FTC, Trump also removed all Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB), an independent privacy watchdog, in January. PCLOB is another of the imperfect but “adequate” agencies charged with overseeing implementation of the data privacy agreement, with a particular focus on ensuring intelligence agencies can’t misuse Europeans’ personal data.
Chipping away too much at this collection of agencies may force the EU to reevaluate its tack toward American companies, said Max Schrems, an Austrian privacy attorney who has challenged the US-EU agreement multiple times in European court.
“It’s probably time to tell companies to get ready for the time when the [European] Commission will no longer say that everything is fine,” Schrems told the Daily Dot.
What does that actually mean for users of, say, Bluesky or Facebook?
“It could literally mean certain services shutting down,” warned Szóka.
Under the current system, all U.S. companies get blanket approval to self-certify their compliance with EU privacy law. Without the transatlantic agreement, businesses will have to make the case individually to EU authorities when processing Europeans’ data, Szóka explained.
That situation means headaches for companies in both the U.S. and Europe.
“International data transfers to the U.S. are not only a reality for global businesses,” wrote privacy attorneys Jeane Thomas and Jeffrey Poston back in 2023, after the agreement was sealed. “But also for every local EU-based business using digital tools with any type of link to the U.S.”
Smaller companies may not want to deal with the legal risks, Szóka said. Options for American firms could include pulling out of Europe entirely or creating different services for European and American audiences on two separate domains.
Companies are already taking preemptive measures to get ahead of any legal changes, said Schrems, who confirmed he is hearing more executives consider hosting data in Europe rather than the U.S.
And Iris Plöger, a board member at the Federation of German Industries—essentially Germany’s chamber of commerce—recently told the newspaper Handelsblatt that losing the data-sharing agreement “would have devastating consequences for companies.”
It’s too early to tell exactly how European officials will rule on the independence of the FTC or the continued “adequacy” of U.S. data protection in light of Bedoya and Slaughter’s firings.
But social media platforms, tech firms, and even local businesses in Europe are clearly monitoring the situation and wondering how to move forward.
They may soon have a convoluted web of regulatory and legal risks to navigate.
For everyday internet users, though, the ramifications could be pretty simple.
“If you’re used to talking to people in Europe,” Szóka said, that may go away.
Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.
