LUXEMBOURG—Facebook and thousands of other companies could find it vastly more complicated to do business in Europe after a court ruled that personal data sent to U.S. servers is potentially unsafe from government spying.
Some 4,500 companies have long been able to store users’ personal data—everything from status updates and photos to personal information like bank details and home addresses—where they see fit, often in the United States.
That could change after Europe’s top court on Tuesday declared invalid a 15-year-old pact allowing the unfettered transfer of personal data outside the European Union’s 28 countries.
The case was brought by an Austrian law student in the wake of revelations by former U.S. National Security Agency contractor Edward Snowden of the extent of the NSA’s surveillance programs.
Max Schrems complained that U.S. law doesn’t offer sufficient protection against surveillance of data transferred by Facebook to servers in the United States.
The verdict could have far-reaching implications for companies operating in Europe.
