Europe’s Highest Court Says Facebook Doesn’t Stop State Spying

The European Court of Justice has ruled that U.S. Facebook-operated data storage systems are “invalid,” after Edward Snowden revealed that the information of European social network users was not protected against U.S. state surveillance.

The European court found that the Safe Harbor Agreement between Europe and the U.S., to protect the personal data of European Union citizens, falls short of the EU’s data protection directives.

The decision by Europe’s highest justice in Luxembourg may oblige companies involved to leave the continent.

RELATED: #HackedTeam & Colombia: How Surveillance Helps a Violent State

“The United States ... scheme thus enables interference, by United States public authorities, with the fundamental rights of persons…” the court, whose decisions are binding on all EU member states, ruled.

The court’s decision is likely to send shockwaves through the U.S. technology and Internet sectors, with millions of data of their EU clients installed in a virtual cloud in the U.S.

RELATED: Net Neutrality: The End of the Internet as We Know it?

The transfers of data made in the last 15 years were made without sufficient guarantees, the court said, with a legal framework that is now de-authorized.

The ruling is a triumph for Austrian data-protection advocate, Maximilian Schrems, who was prompted by Edward Snowden’s National Security Agency revelations, to bring a case against Facebook in Ireland.

“The safe harbor decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals,” the ruling states.

“... This judgment has the consequence that the Irish supervisory authority is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data.”

RELATED: The Revolutionary Act of Telling the Truth by John Pilger

However, though Facebook was the main target of the original action, experts suggest that it will not be large companies like the social media site, or Google to be badly affected by the ruling.

“American companies are going to have to restructure how they manage, store and use data in Europe and this take a lot of time and money,” Mike Weston, CEO of the data science consultancy Profusion told the Guardian.

“The biggest casualties will not be companies like Google and Facebook because they already have significant data center infrastructure in countries like the Republic of Ireland, it will be medium-sized, data-heavy tech companies that don’t have the resources to react to this decision.”