[JURIST] The European Court of Justice (ECJ) [official website] ruled [press release, PDF] Tuesday that EU user data transferred to the US by various technology companies is not sufficiently protected. The case was brought by Austrian Max Schrems [BBC backgrounder] who argued that US law does not provide sufficient protection against the surveillance of data transferred to US servers. The ruling invalidates the “Safe Harbor” rules [backgrounder] that have spurred controversy in the wake of the Edward Snowden [JURIST backgrounder] leaks. The ECJ found that the Safe Harbour scheme, “thus enables interference, founded on national security and public interest requirements or on domestic legislation of the United States, with the fundamental rights of the persons whose personal data is or could be transferred from the European Union to the United States.” The ruling is a blow to US technology companies like Twitter, Facebook and Uber, which have already have a huge presence in Europe.

Online privacy has become a matter of increasing concern around the world in recent years amidst the Snowden controversy. In June the Belgian Privacy Commission [official website] sued Facebook for alleged violations [JURIST report] of Belgian and European privacy laws. In March 92 non-governmental organizations from around the world issued a statement [JURIST report] calling on the UN Human Rights Council to institute a Special Rapporteur on Privacy. Also in June the District Court of The Hague struck down [JURIST report] a Dutch data retention law, holding that it violates privacy rights of EU citizens. In July 2014 former UN High Commissioner for Human Rights Navi Pillay expressed concern [JURIST report] over the widespread lack of transparency in governmental digital surveillance practices.