The Court of Justice of the EU determined on 6 October 2015 that the data flows between the EU and the US can no longer take place by virtue of the Safe Harbour Agreement. Facebook user Max Schrems had lodged a complaint before the Irish Data Protection Commissioner to check the level of protection of personal data afforded by the US. In light of the Snowden revelations, Schrems entertained serious doubts whether US companies such as Facebook sufficiently protected personal data transferred from its EU subscribers to servers located in the US.

The EU Court agreed with Schrems holding that the Safe Harbour Agreement is flawed and does not adequately protect the fundamental right to private life and protection of personal data of EU citizens. The Court calls on the Commission which had examined the Safe Harbour Agreement in July 2000 to re-negotiate the legal framework under which personal data can be transferred to the US.

In view of the ease with which personal data can nowadays be compiled, compared and cross-linked, the Court is sending a clear signal in support of privacy and the protection of personal data. This is all the more important in a new digital economy in which big data including personal data has become a key asset. It will be challenging to reconcile the interests of stakeholders and realise the potential of big data while providing legal safeguards for data subjects.

A detailed analysis of the case can be found here.

The judgment is available here.