Facebook sign
EU court ruling threatens how Facebook freely transfers data between European users and US servers Reuters

A crowd-funded lawsuit brought by an Austrian law student could cause major changes with how Facebook and other US companies handle UK and European data. The European Court of Justice has ruled Safe Harbour − a way for US companies to transfer data from abroad without complying with other country's laws − as invalid.

Established in 2000, the US Safe Harbour Decision allowed the passage of data between servers in the Europe and US without the need to address differing legal frameworks. Facebook, Twitter, Google and some 4,000 other companies use Safe Harbour to transfer user data without breaking laws on either side of the Atlantic.

Facebook's use of Safe Harbour was the subject of a lawsuit filed against Facebook Ireland Limited in 2012 by Austrian law student Max Schrems. Schrems' case has been crowd-funded by more than 2,000 donors who have raised over €60,000 (£44,000, $67,000) for his cause. The Court of Justice said Safe Harbour did not eliminate the need for European data watchdogs to check that adequate measures to protect data created here are in place.

'This case is not about Facebook'

Facebook has denied any wrongdoing. A spokesman said: "This case is not about Facebook. What is at issue is one of the mechanisms that European law provides to enable essential transatlantic data flows. Facebook, like many thousands of European companies, relies on a number of the methods prescribed by EU law to legally transfer data to the US from Europe, aside from Safe Harbour."

Currently, data − often personal and sensitive − is sent to the US servers of Google, Facebook, Microsoft and over 4,000 other companies, but in doing so the data then becomes the property of the US legal system and is no longer under the jurisdiction of where it was created.

NSA spying and Prism

Concerns over how data is collected by such companies came to light in 2013, when National Security Agency whistleblower Edward Snowden claimed the agency was secretly accessing the private data of Facebook users. Snowden published documents revealing industrial-scale collection of data from users in the US and abroad, including millions of internet communication and phone records.

Using a programme called Prism, it was alleged that the NSA could access emails, videos, photographs, phone calls, social networking details, login names and passwords and other data stored by US technology companies, including Facebook, Microsoft, Skype, Google, YouTube, Yahoo and Apple.

Under EU law, the transfer of data to another country is only legal if the exporting company, in this case Facebook Ireland Ltd, can ensure "adequate protection" for the data once it reaches the US. Schrems claims the current situation lets NSA programs like Prism play "the exact antithesis" of adequate protection. By ruling Safe Harbour as invalid, the EU's stance could force major changes to how US tech companies with European subsidiaries handle data collected here, and how it is processed once it reaches the US.

Facebook has told IBTimes UK that it will be in touch with a comment on the ruling shortly.

More from the technology desk
Facebook faces EU Court of Justice over user data misuse in wake of Prism spying scandal
Facebook Will Face 25,000 Users in European Courts over Privacy Breach Claims
Class action suit against Facebook over privacy violations in Europe set to begin in Vienna
Kaspersky: Smartphones rot your brain and kill your memories
Disney develops augmented reality app that turns coloured drawings into 3D animations
Quantum computing: Breakthrough paves way for first ever silicon quantum computer processor
Samsung keen to patent Google Glass-like invention that lets users interact with 3D images in mid-air
Twitter: Jack Dorsey named CEO after Dick Costolo exit
VR vs AR: Virtual reality pioneers Oculus looking into augmented reality tech
John McAfee: Forget gun control, EMP attack would wipe out 90% of US population within 2 years
Facebook Twitter Google