The spread of knowledge about the NSA's surveillance programs has shaken the trust of customers in U.S. Internet companies like Facebook, Google, and Apple: especially non-U.S. customers who have discovered how weak the legal protections over their data is under U.S. law. It should come as no surprise, then, that the European Court of Justice (CJEU) has decided that United States companies can no longer be automatically trusted with the personal data of Europeans.
The court, by declaring invalid the safe harbor which currently permits a sizeable amount of the commercial movement of personal data between the EU and the U.S., has signaled that PRISM and other government surveillance undermine the privacy rights that regulates such movements under European law. In the word's of the court's press release:
The Court [states] that legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.
Likewise, the Court observes that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, the existence of such a possibility being inherent in the existence of the rule of law.