Europe's top court today rejected a key European Union tool used to transfer Europeans' personal data across the Atlantic for commercial use but upheld the validity of another tool used by hundreds of thousands of companies to transfer data worldwide.
"The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield," the court said.
"However, it considers that Commission Decision 2010/87 on standard contractual clauses for the transfer of personal data to processors established in third countries is valid."
It is the latest in a series of actions between Facebook and Austrian privacy activist Max Schrems, as well as Irish Data Protection Commission (DPC), that have implications for hundreds of thousands of European and US companies and millions of consumers.
The case arose from an Irish High Court referral on the issue of legal "standard contractual clauses" used by Facebook and other companies to transfer personal data to the United States and other parts of the world, and whether these violate Europeans' fundamental right to privacy.