Facebook and other big tech companies have just lost big time in Europe.
They might soon be forced to radically change the way they deal with user data after the European Union’s top court ruled Tuesday that they can’t simply hand it over to U.S. authorities.
The court declared invalid a 2000 deal that allowed Facebook and other tech firms to transfer users’ data in huge quantities to their servers in the U.S., because it was considered safe. More than 4,000 companies, including giants like Google and Amazon, are thought to be taking advantage of the deal.
But the European Court of Justice ruled in favor of Austrian law student Max Schrems. He had complained about the way Facebook transfers his personal data to the U.S., where it can be accessed by authorities with little respect for his privacy.
He used documents exposed by the Wikileaks whistleblower Edward Snowden, and his allegations of mass spying by the U.S. intelligence services, to illustrate the problem.
Schrems called the decision “a major blow for U.S. global surveillance that heavily relies on private partners.”
Schrems’ complaint was first dismissed by the authorities in Ireland, where Facebook has its European base, because the data was covered by the transatlantic “Safe Harbor” agreement.
But the court said Tuesday individual EU member countries are now required to investigate such complaints independently, and should have the right to ban U.S. companies from transferring data in the future.
Facebook has not yet commented on the ruling.