The case began when Austrian privacy activist Max Schrems called out Facebook's desire to move data stored in its Irish data center over to the US following Edward Snowden's NSA surveillance leaks. The Irish courts dismissed the action citing the Safe Habor agreement, leaving him to lodge an appeal with the European Court of Justice. While he waited for a decision, Schrems received backing from Yves Bot, Advocate General of the ECJ, who agreed that Safe Harbor was dangerous and not binding.
With all past data-sharing agreements now deemed invalid, individual regulators now have the power to decide what happens with data stored in their countries. Ireland, for example, must now "examine, with complete independence, whether the transfer of a person's data to a third country complies with the requirements laid down by the directive."
"Legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life," the court adds.
What must companies like Google, Facebook and Twitter do now? It's not yet known how this will affect the flow of data between countries, but we do know that authorities can question the need for such a process and possibly request that all user data is stored locally, rather than in the US. More than 4,000 European and American companies are affected, so it's not a small judgement. However, the European Union and the US are in negotiations over a new agreement, one that could give Europe far more control over what companies, but also security agencies, have access to.
[Image credit: mpd01605, Flickr]