In 2011, a 24-year-old Austrian law student filed a complaint against Facebook alleging nearly two dozen violations of European laws that protected his data. Now, Max Schrems' case has morphed into a class-action lawsuit against the social media giant and led to a judgment Tuesday by the EU's highest legal authority that an international agreement between the US and the EU to send citizens' digital data back and forth between the two entities is null, the New York Times reports. "The Court of Justice declares that the Commission's US Safe Harbor Decision is invalid," a statement from the court reads, referring to a data-sharing agreement set up in 2000 to help US tech companies cull customer data from European clients. Without Safe Harbor, personal data transfers overseas are now forbidden except via costly (in price and time) means, per Reuters.
"This is extremely bad news for EU-US trade," a tech and telecommunications head at the Linklaters law firm tells Reuters. "Without Safe Harbor, [businesses] will be scrambling to put replacement measures in place." Schrem was spurred to file his complaint after Edward Snowden revealed the NSA's Prism program gave the US authority to scour user data from tech giants such as Facebook, Google, and Apple, notes Reuters. The high court's decision underscores the differences in how the US and the EU view their citizens' privacy, with the US treating it more like a "consumer protection issue," while in the EU, data privacy is "almost on a par with such fundamental rights as freedom of expression," the Times notes. The US and the EU have been hammering at a new agreement that would give Europe more influence on how citizens' data is used, and this latest development will up the pressure to complete it, the Times notes.