Following a dispute between Austrian data protection advocate Max Schrems, it was decided that US data protection legislation was insufficient and that the agreement needed to be cancelled. On 24 March 2015, the European Court of Justice began to refer the case of the High Court of Ireland to the NSA/PRISM espionage case, which could have a significant impact on the safe harbour framework and on US internet companies operating in Europe (C-362/14). The complainant, Austrian Facebook user Max Schrems, argues that the United States does not offer "adequate protection" and even asserts that the NSA`s PRISM program and other forms of U.S. surveillance are the exact antithesis of "appropriate protection." The date for the Advocate General`s notice is June 24, 2015. On 16 March 2016, 27 civil rights organisations stated that they did not believe that the data protection shield agreement between the United States and the European Union complied with the standards established by the European Court of Justice (ECJ), particularly in the recent case where the legal basis for the safe harbor framework was declared invalid. In the absence of substantial reforms to ensure the protection of the human rights of people on both sides of the Atlantic, the groups consider that the data protection shield is being undermined in order to weaken confidence in the digital economy and perpetuate human rights violations already committed as a result of surveillance programmes and other activities. It has allowed companies like Facebook to certify themselves that they would protect the data of EU citizens when they are transferred and stored in US data centres. The short-term impact on users should not be obvious. The termination of the agreement will in theory guarantee better protection of users` personal data in the future.
It could also help ensure that the US government does not have access to EU user data. The International Safe Harbor Privacy Principles or Safe Harbor Privacy Principles are principles developed between 1998 and 2000 to prevent private organizations in the European Union or the United States that retain personal data from accidentally revealing or losing personal data. They were overturned on 6 October 2015 by the European Court of Justice (ECJ), which allowed some US companies to comply with data protection legislation to protect EU citizens and Swiss citizens.  U.S. companies that store customer data can certify themselves that they adhere to 7 principles, that they comply with the European Data Protection Directive and Swiss requirements.