The appeal was lodged on 2 April and follows similar action in Belgium.

The association, which represents people identified as Americans, writes that “massive and automatic” data transfers to the US violate European the General Data Protection Regulation (GDPR) as well as national laws on data protection and privacy.

“The basic problem is that EU member states must breach their own laws in order to comply with US law”, said AAA president Fabien Lehagre. “This is just one example of the adverse effects of the extraterritoriality of American law.”

The AAA is also awaiting a decision from the European Commission on whether it will haul France before the EU Court of Justice after the French Council of State refuted claims that Fatca-mandated personal data transfers were illegal.

In Luxembourg, the GDPR was implemented by the Law of 1 August 2018 and entered into force on 20 August 2018. As a regulation it has extra-territorial scope and must be applied to the processing of data of people inside the EU on websites outside the bloc, including in the US.

The Foreign Account Tax Compliance Act (Fatca) aims to reduce tax evasion by US nationals in relation to foreign income from financial assets held outside the US.

Note: Information about historic data breaches was removed from this article.