The way Facebook transfers people's data abroad from the EU is valid, according to an adviser to Europe's top court
- An adviser to Europe's top court has handed Facebook a small victory, arguing that the way it and other major US firms transfer data from the EU to the US is valid.
- The opinion - which is not a ruling - centered on a tool called "standard contractual clauses" and elements of the EU-US Privacy Shield, a data-transfer pact between the two regions.
- The case came about after Austrian privacy activist Max Schrems took Facebook to court, arguing that EU citizens were vulnerable to American surveillance thanks to a mismatch in privacy laws.
- Schrems said he was "generally happy" with the adviser's findings.
- Visit Business Insider's homepage for more stories.
Facebook and the privacy activist who took the firm to court were both handed a small victory on Thursday, as a high-level advisor to Europe's top court ruled that the way US firms transfer data abroad is valid and legal.
The advice is the latest stage in a six-and-a-half year court battle initiated by Austrian law student and privacy advocate Max Schrems. Following the revelations from NSA whistleblower Edward Snowden in 2013, Schrems filed a complaint against Facebook in Ireland, where Facebook's EU headquarters are.
At the core of the dispute is Facebook's handling of personal user data, and how the company transfers that data internationally. Schrems' case argued that Facebook's handling of data violated European right to privacy laws.
The advice, issued by Advocate General Henrik Saugmandsgaard Øe, determined that the way Facebook and other firms currently handle the transfer of data on its European users to the US is valid.
The advice is not a court ruling, but will probably inform the European Court of Justice's eventual decision. Whatever the court decides will have far-reaching implications for how companies the world over transfer user data.
Schrems said he was "generally happy" with the findings.
He added that that if the court follows the opinion,, most people won't see any practical impact. "Everyone will still be able to have all necessary data flows with the US, like sending emails or booking a hotel in the US," he said.
"Some EU businesses may not be able to use certain US providers for outsourcing anymore, because US surveillance laws requires these companies to disclose data to the NSA. This is also an economic problem for the US, because foreign revenue will go elsewhere."
He added: "It is really upon the United States to ensure baseline privacy protections for foreigners. Otherwise no one will trust US companies with their data."
Schrems' dispute with Facebook is complex, and the two sides are not opposed on every point.
Schrems argued that transferring EU citizens' data to Facebook, a US company beholden to US surveillance laws, placed them at risk of foreign surveillance. He earlier convinced the European Court of Justice to abandon its previous "Safe Harbor" system which allowed for data transfers between the US and the EU.
Facebook subsequently said it would use something called "Standard Contractual Clauses" (SCCs) to protect its European users.
And according to the AG's advice: "Commission Decision 2010/87/EU on standard contractual clauses for the transfer of personal data to processors established in third countries is valid."
Schrems remains concerned about the EU-US Privacy Shield, another data-transfer arrangement which he says still leaves European citizens vulnerable to US surveillance. Øe in his advice appeared to agree with these concerns.
Previous rulings by the ECJ on Facebook have had wide-ranging impact, such as a ruling earlier this year that allowed EU courts to issue takedowns of Facebook content that would then apply worldwide.
Business Insider has contacted Facebook for comment.