Europe’s top court, the Court of Justice of the European Union (CJEU), has struck down the 15-year-old Safe Harbour agreement that allowed the free flow of information between the US and EU. The most significant repercussion of this ruling is that American companies, such as Facebook, Google, and Twitter, may not be allowed to send user data from Europe back to the US.
It’s important to note that the CJEU’s ruling (PDF) will not immediately prevent US companies from sending data back to the motherland. Rather, the courts in each EU member state can now rule that the Safe Harbour agreement is illegal in their country. It is is very unlikely, however, that a national court would countermand the CJEU’s ruling in this case.
The case was originally sent to the CJEU by the High Court of Ireland, after the Irish data protection authority rejected a complaint from Maximillian Schrems, an Austrian citizen. He had argued that in light of Snowden’s revelations about the NSA, the data he provided to Facebook that was transferred from the company’s Irish subsidiary to the US under the Safe Harbour scheme was not, in fact, safely harboured. Advocate General Yves Bot of the CJEU agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive, because of NSA access to EU personal data.