Europe's high court has struck down a 15-year-old data transfer treaty with the United States, ruling it does not offer enough privacy protection for European citizens.
The European Court of Justice wrote Tuesday that the Safe Harbor agreement does not shield personal data stored on U.S.-based servers from possible U.S. government surveillance.
The agreement was drawn up in 2000 to allow thousands of businesses to transfer information on European customers to the United States, including what websites they visit and where they like to spend their money.
But an Austrian law student brought a complaint against the treaty to the European court, saying his private information transferred to the U.S. by the popular Facebook website was not properly secured.
European officials praised Tuesday's court ruling.
"Today's judgment is an important step toward upholding Europeans' fundamental rights to data protection," said European Commission Vice President Frans Timmermans. "We will continue this work toward a renewed and safe framework for the transfer of personal data across the Atlantic."
But the White House said it was concerned that the ruling could hurt businesses and economic growth.
"We believe that this decision was based on incorrect assumptions about data privacy protection in the United States and the ruling fails to properly credit the benefits to privacy and growth that have been afforded to this framework over the past 15 years," spokesman Josh Earnest told reporters.
The European court ruling is part of the fallout from leaks two years ago by former U.S. intelligence contractor Edward Snowden that the National Security Agency had spied on U.S. and foreign citizens as part of the fight against terrorism.
Privacy advocates regard Snowden as a hero, but the U.S. government says he put national security at risk.
Snowden fled to Moscow to avoid arrest and trial in the U.S.