The European Union’s top court ruled this week that the “Safe Harbor” agreement allowing private American companies to transfer user data to U.S. servers is, in fact, invalid.

The decision will strike a big blow against Facebook and other large tech companies in Europe, and could severely complicate their operations. However, it’s a huge win for Austrian student Max Schrems, leader of the Europe v. Facebook watchdog group. Schrems originally launched the case two years ago after Edward Snowden’s leaks revealed the extent to which the NSA was using Facebook to gather information. Schrems argued that European users were not being fairly protected, and when Irish authorities rejected his complaint, he continued escalating the case.

This dismissal by the Irish authorities pointed to a 2000 ruling by the EU’s Executive Commission that granted “safe harbor” to U.S. companies in Europe, allowing them to freely transfer information from European countries to the U.S. The rule was intended to make online trade easier, but the court’s ruling this week throws the entire future of this information sharing in question.

“This decision is a major blow for U.S. global surveillance that heavily relies on private partners,” Schrems said. “The judgment makes it clear that U.S. businesses cannot simply aid U.S. espionage efforts in violation of European fundamental rights.”

While this case is likely far from finished, Europe has still won a major victory for Facebook user privacy abroad.