Facebook and other big tech companies have just lost big time in Europe.
They might soon be forced to radically change the way they deal with user data after the European Union's top court ruled Tuesday that they can't simply hand it over to U.S. authorities.
The court declared invalid a 2000 "Safe Harbor" agreement that allowed Facebook (FB) and other tech firms to transfer users' data in huge quantities to their servers in the U.S. More than 4,000 companies, including giants like Google (GOOGL) and Amazon (AMZN), took advantage of the agreement.
The ruling could complicate life for the tech companies and U.S. intelligence services, and hurt Europe's economy.
The U.S. slammed the ruling. "We are deeply disappointed in today's decision from the European Court of Justice," said Penny Pritzker, U.S. Secretary of Commerce.
"[It] creates significant uncertainty for both U.S. and EU companies and consumers, and puts at risk the thriving transatlantic digital economy," she added.
The European Court of Justice ruled in favor of Austrian law student Max Schrems. He had complained about the way Facebook transfers his personal data to the U.S., where it can be accessed by authorities with little respect for his privacy.
He used documents exposed by the Wikileaks whistleblower Edward Snowden, and his allegations of mass spying by the U.S. intelligence services, to illustrate the problem.
In an interview with the BBC broadcast Monday, Snowden said he was ready to go to prison if U.S. authorities would accept a plea bargain.
The European court ruling is seen by some as part of a wider crackdown on big U.S. tech companies.
"It should be seen as part of a general trend - the European Court of Justice has been pro-privacy in a big way, making bold and strong decisions," said Paul Bernal, a data protection expert at the University of East Anglia.
The ruling was a "direct consequences of the Snowden revelations," he added.
Related: Google is spending millions more to lobby Europe
The ruling will have implication for all tech companies that used the deal to transfer data.
"This case is not about Facebook. The Advocate General himself said that Facebook has done nothing wrong," Facebook said in a statement.
Schrems called the decision "a major blow for U.S. global surveillance that heavily relies on private partners."
His complaint was first dismissed by the authorities in Ireland, where Facebook has its European base, because the data was covered by the transatlantic agreement.
But the court said Tuesday individual EU member countries are now required to investigate such complaints independently, and should have the right to ban U.S. companies from transferring data in the future.
"We expect that a suspension of Safe Harbor will negatively impact Europe's economy, hurt small and medium sized enterprises, and the consumers who use their services, the most," said Christian Borggree, director of the Computer & Communications Industry Association.
Facebook said it was "imperative that EU and US governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security."
The court's ruling is final.