The case discussed here is the result of the actions of two individuals, Edward Snowden and Maximilian Schrems. In 2013, Snowden exposed several programs, run by United States (US) intelligence agencies, capable of collecting, storing, and analysing personal data of both US citizens and others on an unprecedented scale. These revelations severely shook the trust of European citizens in the online activities of governments. The outrage did not immediately lead to legal action from the EU, but the Commission did initiate a review of Safe Harbour, the Commission decision under which personal data can be transferred from the EU to the US.1 Using the information released by Snowden, Mr Schrems, an Austrian, lodged a complaint with the Irish Data Protection Commissioner about the transfers of his personal data by Facebook Ireland ltd to the US under the Safe Harbour decision, Commission Decision 2000/520. [First lines]