Europe just dealt a massive blow to American technology companies

In a landmark ruling that will have far-reaching repercussions, Europe’s highest court has ruled that data sharing between the EU and US under the Safe Harbour framework is invalid. The decision in the Max Schrems case on Tuesday morning has been anticipated for months, but now legal eagles will have to work out how to manage the situation. Safe Harbour is a fig-leaf agreement set up 16 years ago to create a way for US businesses to transfer EU citizens’ personal data to the US even though American data protection laws are not up to the European standard. Following the revelations by rogue sysadmin Edward Snowden that US businesses were being compelled to hand over personal data under the Prism programme, Austrian law student Schrems complained to the Irish data protection commissioner – Facebook’s EU operations are head-quartered in Ireland – that his privacy rights were being violated. The Irish data protection authority (DPA) refused to act on the grounds that the social network is signed up to Safe Harbour/Harbor – a voluntary scheme whereby companies promise to protect EU personal data. Undeterred, Schrems took his case to the Irish High Court which referred it to the European Court of Justice (ECJ).