The EU European Court of Justice has ruled that a Safe Harbour agreement, signed by many of the largest tech companies in the world, is invalid.
Facebook, along with a number of other companies have used Safe Harbour for the last 15 years as a means of self-regulating their data protection measures without having to adhere to the local laws in an EU country.
The ruling by the European Court of Justice ends a 15 year agreement.
It was set up to allow the safe transfer of personal data between the EU and the US without concerns arising that certain countries did not have adequate laws protecting online data.
Instead the tech giants came to an agreement that they would set their own standards - the idea being that it would generally be higher than those of the host country.
The agreement has now been ruled invalid, with the European Court of Justice arguing that the agreement should not excuse individual countries from checking up on the US companies and their practices.
Facebook stores huge quantities of personal data in massive US-based data centres like this one.
Facebook has been mentioned in particular because it makes massive data transfers from the EU to the US, although its believed that there are over 5000 other US companies that could be affected by the ruling.
The ruling has come as a result of a legal challenge by Austrian privacy advocate Maximillian Schrems who was concerned that Facebook's self-regulation was allowing it to share personal data with US spying agencies such as the NSA.
Professor Mark Skilton from Warwick Business School warns that, "the gap between American and European legislation on privacy is at breaking point."
SEE ALSO:
Legal experts have also warned that the ruling will have major implications for companies like Facebook as they prepare to implement regulations that will have to adhere to each individual EU country.
Christopher Jeffery from international law firm, Taylor Wessing explains that it'll be a tale of two halves saying:
"We would expect the more pragmatic regulators (UK, Ireland and others) to allow companies time to re-organise their compliance programmes."
"In countries like Germany where Safe Harbor has long been regarded with suspicion the regulators may not be so generous – they may feel concerns about Safe Harbor have been well-flagged."
The end result? Jeffery says the clear message from the ruling is Facebook needs to 'get on it' and fast.