A crucial data arrangement between Europe and the US was invalidated on Thursday, throwing trans-Atlantic big tech into legal limbo.

The decision stemmed from a legal complaint by Austrian activist Max Schrems, who in 2015 scuppered a previous EU-US deal on which tech giants depend to do business.

"It seems we scored a 100 percent win," Schrems said on Twitter.

"For our privacy, the US will have to engage in serious surveillance reform to get back to a 'privileged' status for US companies," he said.

Schrems' legal assault began after the revelations by Edward Snowden of mass digital spying by US agencies, which the EU court at the time said were incompatible with European norms on privacy.

The previous decision struck down a deal called "Safe Harbour" that allowed for data transfers between Europe and US servers, throwing transatlantic business into legal limbo.

Its replacement "Privacy Shield", which is currently used by over 5,000 US companies, has now been invalidated as well.

European judges will decide on the legality of Facebook's data transfers between the US and Europe
European judges will decide on the legality of Facebook's data transfers between the US and Europe AFP / Olivier DOULIERY

The judges said that even though the deal requires that the US must comply with EU privacy law, the deal's provisions "do not grant Europeans actionable rights before the courts against the US authorities."

The court said, however, that another arrangement, known as standard contractual clauses, could stand, giving companies an alternative framework.

The case decided on Thursday originally focused on these complex clauses, an EU invention in which companies outside Europe commit to meeting EU laws on data and privacy.

These arrangements are however far more legally cumbersome for companies than a bilateral deal such as "Privacy Shield".

During the hearings, judges turned their focus to "Privacy Shield" and a legal advisor to the court warned that it may be illegal.

Schrems' latest case began in Ireland, the hub for Facebook's activities in the European Union. The Irish Data Protection Commission referred the complaint to Ireland's top court, which turned it over to the judges in Luxembourg.

CCIA, the lobby for US big tech, criticised the decision, "which creates legal uncertainty for the thousands of large and small companies on both sides of the Atlantic."

"We trust that EU and US decision-makers will swiftly develop a sustainable solution, in line with EU law, to ensure the continuation of data flows which underpins the transatlantic economy," CCIA added.