The EU’s highest court struck down a deal that allows thousands of companies to easily transfer personal data from Europe to the United States, in a landmark ruling yesterday that follows revelations of mass US government snooping.

Many companies, both US and European, use the Safe Harbour system to help them get round cumbersome checks to transfer data between offices on both sides of the Atlantic.

That includes payroll and human resources information as well as lucrative data used for online advertising, which is of particular importance to tech companies. But the decision by the Court of Justice of the European Union (ECJ) sounds the death knell for the system, set up by the European Commission 15 years ago. It is used by over 4,000 firms including IBM, Google and Ericsson.

The US said it was deeply disappointed by the ruling

The court said Safe Harbour did not sufficiently protect EU citizens' personal data since the requirements of American national security, public interest and law enforcement trumped the privacy safeguards contained in the framework.”

In addition, EU citizens have no means of legal recourse against the misuse of their data in theUnited States, the court said.

A bill is currently winding its way through the U.S. Congress to give Europeans the right to legal redress. The ECJ in its ruling referred to revelations from former National Security Agency contractor Edward Snowden, which included that the Prism programme allowed U.S. authorities to harvest private information directly from big tech companies such as Apple, Facebook and Google.

The US, which in the run-up to the decision had issued strenuous defences of its intelligence programmes, said it was “deeply disappointed” by the ruling.

IBM said it created commercial uncertainty and jeopardised the flow of data across borders.

“The free movement of data across borders is the foundation of the global economy, facilitating everything from financial services and manufacturing to shipping and retail,” said Christopher Padilla, Vice President of Government and Regulatory Affairs at IBM.Any company with a centralised HR database in the United States would need to transfer personal data there, and companies that do not have data centres in Europe often ship the data from their European clients across the Atlantic, lawyers said.

However, they also said most multinationals, such as Facebook and Microsoft, would probably be able to continue with business as usual as they already had alternative legal channels for transferring data to the United States.

The ECJ ruling became effective immediately and the European Commission said it would continue to work with the United States on a revamped data transfer deal to fill the void.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.