Top European court backs student in Facebook data sharing privacy case

A deal that allows tech giants such as Facebook and Google to send personal data from Europe to the U.S. has been ruled invalid by the EU Court of Justice. The court ruled that the key agreement is invalid as “Country does not afford an adequate level of protection". EU data protection laws are among the toughest in the world and forbid EU citizens’ data being exported to countries outside the EU without adequate levels of protection. Student Max Schrems launched the case following revelations two years ago by former U.S. National Security Agency contractor Edward Snowden about the NSA’s surveillance programs.

American companies are going to have to restructure how they manage, store and use data in Europe and this take a lot of time and money.

Mike Weston, CEO of data science consultancy Profusion

Schrems complained to the data protection commissioner in Ireland, where Facebook has its European headquarters, that U.S. law doesn’t offer sufficient protection against surveillance of data transferred by the social media company to servers in the United States. Irish authorities initially rejected his complaint, pointing to a 2000 decision by the EU’s executive Commission that, under the so-called “safe harbor” deal, the U.S. ensures adequate data protection. On Tuesday, the European Court of Justice ruled that decision by the Commission invalid. It said the effect is that the Irish data commissioner will now be required to examine Schrems’ complaint “with all due diligence.”

This is extremely bad news for EU-US trade. Thousands of US businesses rely on the Safe Harbor as a means of moving information to the US from Europe.

Richard Cumbley, Global Head of Technology, Media and Telecommunications at Linklaters LLP

Business Facebook data