Facebook sign
Facebook accused of mishandling data collected from European users and transferred to US servers Reuters

A European Court of Justice case beginning 24 March could make major changes to how US technology companies like Facebook transfer and store data collected from European users.

The case, dubbed Europe vs Facebook, centres around what these companies do with data from customers based outside of their native US. Currently, data - often personal and sensitive - is sent to the US servers of Google, Facebook, Microsoft and others, but in doing so the data then becomes the property of the US legal system and is no longer under the jurisdiction of where it was created.

Concerns over how data collected by such companies came to light in 2013, when National Security Agency whistle-blower Edward Snowden claimed the agency was secretly accessing the private data of Facebook users. Snowden published documents revealing industrial-scale collection of data from users in the US and abroad, including millions of internet communication and phone records.

Using a programme called Prism, it was alleged that the NSA could access emails, videos, photographs, phone calls, social networking details, login names and passwords, and other data stored by US technology companies, including Facebook, Microsoft, Skype, Google, YouTube, Yahoo and Apple.

The case poses complex questions surrounding data protection, as under US law the data is protected differently to that held in Europe. The case was brought against Facebook Ireland Limited in the Irish High Court by Austrian law student Max Schrems.

'Adequate protection'

Under EU law, the transfer of data to another country is only legal if the exporting company, in this case Facebook Ireland Ltd, can ensure "adequate protection" for the data once it reaches the US. Schrems claims the current situation lets NSA programmes like Prism play "the exact antithesis" of adequate protection.

If successful, Schrems' case could force major changes to how US tech companies with European subsidiaries handle data collected here, and how it is processed once it reaches the US.

Schrems made a complaint to the Irish data protection commissioner in August 2014, claiming Facebook flouts privacy laws in its pursuit of expanding through commercial success - by selling the data given to it by users to advertisers. The student also claims personal data held by Facebook is no longer protected by European privacy laws because it is transferred to the US.

The case could not be investigated by the Irish High Court because it is covered by Safe Harbour, a legal convention set up in 1999 between Europe and the US which promises to protect EU citizens personal data. The decision was challenged and referred to the European Court of Justice.

Schrems' case has been crowd-funded by more than 2,000 donors who have raised over €60,000 (£44,000, $66,000) for his cause.