The European Court of Justice (ECJ) has begun hearing evidence in a case relating to Facebook, PRISM and the ownership of online data that could have far-reaching consequences for data protection and EU-US relations.
The case was passed to the ECJ by the Irish courts last summer after Austrian privacy campaigner Max Schrems brought a claim against Facebook saying that it had passed information on users to the US National Security Agency (NSA).
The allegations came to light as part of the fallout from the PRISM campaign that was leaked by NSA whistleblower Edward Snowden.
Schrems argues that Facebook passing on data from European citizens contravenes ‘safe harbour’ principles that should keep such data in the EU.
“Large internet companies (in the current case Facebook) have, pursuant to US law, allowed the US government to access European user data on a mass scale for law enforcement, espionage and anti-terror purposes,” he wrote on the Europe-vs-Facebook page set up to cover the trial.
“Aiding these forms of US ‘mass surveillance’ may, however, violate EU privacy laws and fundamental rights.”
Specifically the problem is that the safe harbour safeguards require US companies to 'self-certify' that data will be protected when taken outside the US.
This system has always been criticised, and the PRISM revelations have only proved these fears correct in the eyes of campaigners like Schrems.
"Under EU law such a 'data export' to a third country is only legal if the exporting company (in this case Facebook Ireland Ltd) can ensure an 'adequate protection' for such data in the US," Schrems said in his European Court of Justice hears NSA/PRISM case document (PDF).
"In the current case, the plaintiff claims that the NSA’s PRISM programme and other forms of US surveillance are the exact antithesis of 'adequate protection'."
The case was referred to the ECJ after a judge in Ireland said there was a requirement for the EU to rule on whether Facebook’s actions were in breach of the law.
"The monitoring of global communications - subject, of course, to key safeguards - is accordingly regarded essential if the US is to discharge the mandate which it has assumed," said Judge Desmond Hogan last year.
"But there may also be suspicion in some quarters that this type of surveillance has had collateral objects and effects, including the preservation and reinforcing of American global political and economic power."
Facebook is the company involved in this case, but the outcome will have far-reaching consequences for the relationship between US technology companies with a major presence in Europe, such as Microsoft and Google.
If the ECJ sides with Schrems it could see the entire safe harbour agreement thrown out and new rules brought in to give European citizens more privacy and protection from US authorities.
This will, in turn, cause tension between the US security agencies and US technology firms, as data from these companies is key to surveillance operations.
The US is already attempting to force Microsoft to hand over data stored on servers overseas, claiming that as a US company it is still subject to US laws, even when operating outside the country.
If this challenge proves successful there will be even less protection for EU citizens to keep their data secure, although it could also open the market for European cloud providers to offer services without US interference.
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps