How a Facebook user complaint could change European data privacy

A case against Facebook being heard at the European Court of Justice could transform data privacy across the entire EU.

The lawsuit, brought by Austrian Facebook user Maximilian Schrems, focuses on what US companies do with data from customers based outside the US.

His complaint seeks to stop US spies from accessing the private data of EU citizens. 

Screms said on a website he set up to publicise the case that "large internet companies (in the current case Facebook) have, pursuant to US law, allowed the US government to access European user data on a mass scale for law enforcement, espionage and anti-terror purposes."

"Aiding these forms of US mass surveillance' may, however, violate EU privacy laws and fundamental rights."

Schrems made contact with the Irish data regulator in August last year regarding the matter, arguing that the social network, whose European headquarters is based in Dublin, had contravened privacy laws.

The case was then referred onto the European court by the Irish High Court.

The current situation puts data that isn't on US servers, but belong to US companies, within the reach of the US legal system and thus no longer under the jurisdiction of where the data was created.

At the heart of the case is the "Safe Harbor" legislation, a legal mechanism for US firms to comply with the EU Directive for the Protection of Personal Data.

Schrems alleges that data processed by Facebook is unprotected once it lands on US soil.

The privacy activist said that he wants Safe Harbor to be cancelled and requested that the Irish Data Protection Commission to audit exchanges of information between the EU and the US via technology companies.

If successful, any ruling would mean US companies must take greater care to ensure user data created in Europe does not end up with non-EU intelligence agencies.