July 16 (UPI) — The European Union’s top court on Thursday invalidated an arrangement under which social media companies like Facebook can transfer personal data of EU residents to the United States.
The European Court of Justice ruled in favor of Austrian privacy activist Max Schrems, who argued the surveillance powers of the U.S. government, first revealed seven years ago in the Edward Snowden case, puts data privacy of European Facebook users at an unacceptable risk.
Schrems had first complained to the Irish Data Protection Commissioner about the transfer of his data by Facebook for processing in the United States in 2013.
The complaint came after Snowden, a former National Security Agency contractor, leaked information about the U.S. government’s Prism program, under which private user information was collected directly from big tech companies such as Facebook.
Schrems asserted that the “Privacy Shield” framework — an international agreement used by U.S.-based social media companies to enable the transfer of Europeans’ data across the Atlantic — is invalid under the terms of the EU’s General Data Protection Regulation.
The Luxembourg-based court agreed, meaning social media companies seeking to transfer European residents’ data abroad must now guarantee the same level of privacy protections as that provided in the European bloc.
The court held that “requirements laid down for such purposes by the GDPR concerning appropriate safeguards, enforceable rights and effective legal remedies must be interpreted as meaning that data subjects whose personal data are transferred to a third country pursuant to standard data protection clauses must be afforded a level of protection essentially equivalent to that guaranteed within the EU.”
The ruling is considered a blow to Facebook and other U.S.-based companies seeking to access personal data in the EU.
“I am very happy about the judgment,” Schrems said in a statement. “It seems the court has followed us in all aspects. This is a total blow to the Irish DPC and Facebook. It is clear that the U.S. will have to seriously change their surveillance laws, if U.S. companies want to continue to play a major role on the EU market.”