As leaks from Edward Snowden revealed European user data stored by US companies is not safe from surveillance that would be illegal in the Europe, the European Court of Justice decided to invalidate the transatlantic Safe Harbour personal data protection agreement.
The implications of this are still unknown but it could cause a major headache for US-based companies as they may now face scrutiny from individual European countries' data regulators and could be forced to host European user data somewhere in Europe rather than in the US:
Here are the main points:
Individual European countries can now set their own regulation for US companies' handling of citizens' data, vastly complicating the regulatory environment in Europe.
Countries can choose to suspend the transfer of data to the US — forcing companies to host user data exclusively within the country.
The Irish data regulator will now examine whether Facebook offered European users adequate data protections, and may order the complete suspension of Facebook's transfer of data from Europe to the US if so.
We'll have to wait to see how this plays out. The consequences for deep-pocketed companies like Facebook and Google may be small but I'm afraid it could be a major headwind for small businesses and startups.