The European Court of Justice (CJEU) today decided that United States companies like like Facebook, Google, and Apple can no longer be automatically trusted with the personal data of Europeans. The court, by declaring invalid the safe harbor which currently permits a sizeable amount of the commercial movement of personal data between the EU and the U.S., has signaled that PRISM and other government surveillance undermine the privacy rights that regulates such movements under European law.

Here is what the court said:

"The Court [states] that legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.

Likewise, the Court observes that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, the existence of such a possibility being inherent in the existence of the rule of law.

Privacy campaigner Max Schrems, whose complaint against Facebook Ireland initiated the case, said the judgment "clarifies that mass surveillance violates our fundamental rights".

He said the judgement makes it "clear that US businesses cannot simply aid US espionage efforts in violation of European fundamental rights".

The EU judges said Ireland’s court must now decide whether to suspend the transfer of data from Facebook to the United States.

The verdict also affects some 4,400 US firms that have signed up to the self-certification agreement.

"Safe Harbour" is supposed to provide an "adequate" level of protection whenever data from EU citizens is transferred to the US. Without Safe Harbor, personal data transfers are forbidden, or only allowed via costlier and more time-consuming means, under EU laws that prohibit data-sharing with countries deemed to have lower privacy standards, of which the United States is one.

EU data protection authorities had no power to investigate compliance.

But the Luxembourg judges said national supervisors authorities "must be able to examine, with complete independence" the transfer of data to US.

The pact has come under intense scrutiny following 2013 media revelations of mass and indiscriminate spying by the US intelligence services on EU citizens.

The scandal revealed the Maryland-based National Security Agency (NSA) obtained access to data of EU citizens held by big US firms like Apple, Facebook, Google and others.