How a Facebook user complaint could change European data privacy
European Court of Justice begins hearing on US accessing data stored in EU


A case against Facebook being heard at the European Court of Justice could transform data privacy across the entire EU.
The lawsuit, brought by Austrian Facebook user Maximilian Schrems, focuses on what US companies do with data from customers based outside the US.
His complaint seeks to stop US spies from accessing the private data of EU citizens.
Screms said on a website he set up to publicise the case that "large internet companies (in the current case Facebook) have, pursuant to US law, allowed the US government to access European user data on a mass scale for law enforcement, espionage and anti-terror purposes."
"Aiding these forms of US mass surveillance' may, however, violate EU privacy laws and fundamental rights."
Schrems made contact with the Irish data regulator in August last year regarding the matter, arguing that the social network, whose European headquarters is based in Dublin, had contravened privacy laws.
The case was then referred onto the European court by the Irish High Court.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The current situation puts data that isn't on US servers, but belong to US companies, within the reach of the US legal system and thus no longer under the jurisdiction of where the data was created.
At the heart of the case is the "Safe Harbor" legislation, a legal mechanism for US firms to comply with the EU Directive for the Protection of Personal Data.
Schrems alleges that data processed by Facebook is unprotected once it lands on US soil.
The privacy activist said that he wants Safe Harbor to be cancelled and requested that the Irish Data Protection Commission to audit exchanges of information between the EU and the US via technology companies.
If successful, any ruling would mean US companies must take greater care to ensure user data created in Europe does not end up with non-EU intelligence agencies.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
European Commission calls for cyber security proposals
News With a special focus on healthcare, the Commission is looking to allocate €145.5 million
-
Forcing Apple to allow alternative app stores might cause major security risks
Analysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Why bolstering your security capabilities is critical ahead of NIS2
NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
New EU vulnerability disclosure rules deemed an "unnecessary risk"
News The vulnerability disclosure rules in the Cyber Resilience Act could also cause a “chilling effect” on security researchers
-
Are you ready for NIS2?
WEBINAR Find out what you should be doing to prepare for the EU’s latest data protection regulation and UK equivalent with our free webinar
-
EU regulators are digging their heels in despite big tech’s Data Act pushback
Analysis EU regulators are no strangers to big tech regulatory push back, so why do companies still persist?
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen