A major agreement governing the transfer of EU citizens’ data to the United States has been struck down by the European Court of Justice (ECJ).
The EU-US Privacy Shield let companies sign up to higher privacy standards, before transferring data to the US.
But a privacy advocate challenged the agreement, arguing that US national security laws did not protect EU citizens from government snooping.
Max Schrems, the Austrian behind the case, called it a win for privacy.
“It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role in the EU market,” he said.
US Secretary of Commerce Wilbur Ross said his department was “deeply disappointed” by the decision.
He said he hoped to “limit the negative consequences” to transatlantic trade worth $7.1 trillion (£5.6tn).
What happens next?
The EU-US Privacy Shield system “underpins transatlantic digital trade” for more than 5,300 companies. About 65% of them are small-medium enterprises (SMEs) or start-ups, according to University College London’s European Institute.
Affected companies will now have to sign “standard contractual clauses”: non-negotiable legal contracts drawn up by Europe, which are used in other countries besides the US.
They are already used by many big players.Microsoft, for example,has issued a statement saying it already uses them and is unaffected.
The last time a major deal like this wa