Skip to main content

Facebook vs Europe: the battle against European data collection

Facebook is about to enter a major case against “Europe” over the collection of European citizen’s data under the “PRISM” programme. NSA whistleblower Edward Snowden leaked the programme in 2013 alongside various other US surveillance programs, causing a global shift away from US corporation control.

The PRISM programme allows the US government to collect data from Facebook’s servers located in the United States. Austrian law student Max Schrems - who originally filed the case in Ireland - believes Facebook should relocate servers to countries of origin instead of rerouting all data back into the US.

This is a starting case for a much larger battle to get all US companies with subsidiaries in Europe to keep data local. EU law makes sure that any exported data is handled with care if delivered to the US, sticking to the same safeguards it would have in Europe.

Right now, the law on server data is still murky, but Schrems trial looks to break new ground and bring new laws into play. These laws could effectively change how US corporations handle data overseas.

Having local data centres for companies like Facebook, Microsoft, Yahoo and Google would bring new security parameters, making sure that each country's data is protected against threats from the US and other surveillance states.

It could also bring local jobs into the area, if the companies have to hire engineers to work on server maintenance, upholding the law in the country and potentially setting up data centres in the country.

Microsoft has already asked for data handled in another country to be protected by the country's own rules, instead of the US being able to take data from Europe and use it in the United States without a warrant.

The US authorities argue that data from US corporations should all be handled at home, and the companies should hand over any data from other countries. This goes against the argument the European Union are putting forward; that it is a human rights violation to actively collect and monitor user data.