The so-called "Safe Harbor" agreement in which data from social media companies is transferred from the EU to servers in the United States has been declared invalid and fails to give adequate protection to users.
"The Court of Justice declares that the Commission's US Safe Harbor Decision is invalid," it said in a statement.
The safe harbor agreement has been subject to scrutiny following whistleblower Edward Snowden's revelations of mass surveillance, carried out by the National Security Agency (NSA), which had access to swathes of Facebook data belonging to European citizens.
The ruling will come as no surprise to big technology firms. Europe's Advocate General had previously advised the court that the safe harbor agreement, designed to protect people's personal data is invalid, because it can't guarantee that the NSA won't spy on European citizen's data which is transferred to US servers.
It follows the case of Max Schrems and 25,000 other social networkers who are suing Facebook for tracking their data and breaching their right to privacy.
— Max Schrems (@maxschrems) October 6, 2015
First Response to the #CJEU ruling on #SafeHarbor: http://t.co/ScLvpzIonT
— Max Schrems (@maxschrems) October 6, 2015
These include the alleged illegal tracking of their data under European Union law — and Facebook's involvement in the PRISM surveillance program by the NSA, revealed by Edward Snowden.
The ramifications of this case will cause headaches among European intelligence agencies hoping to ramp up their efforts on online surveillance and could force the NSA to change its surveillance laws to protect European citizens in the future. Facebook denies any wrongdoing.