Another lobby group, Digital Europe, warned that the ruling would cause immediate harm to consumers, employees and employers.
“We urgently call on the European Commission and the U.S. government to conclude their long-running negotiations to provide a new Safe Harbour agreement as soon as possible,” said its president, Peter Olson. Facebook isn't a member of his organization but Apple, IBM and SAP are.
While a new Safe Harbor agreement might provide stronger protections for personal data, it won't end the legal uncertainty.
That's because another aspect of the CJEU's ruling affirmed the right of national data protection authorities to investigate the protections afforded by such agreements and even to challenge them in the courts -- although it reserved to itself the right to invalidate agreements made by the Commission, as it did Tuesday with the first Safe Harbor agreement.
Before the CJEU's ruling, businesses registered under Safe Harbor could apply the same rules to their operations across the E.U., but by returning power to the national DPAs, warned Hildebrand, "We could lose that uniformity. We could have DPAs in different countries taking their own positions and conducting their own investigations. It could be country by country or, God forbid, case by case."
One way to clear up that uncertainty is to rewrite the laws.
In fact, EU lawmakers have been working since 2012 to rewrite the EU's personal data protection regime, which stems from a 1998 directive.
Work on the new general data protection regulation, though, is still several months from completion -- and even then won't take effect for another two years or so.
The European Commission is due to outline its plans for dealing with the aftermath of the CJEU's ruling later Tuesday.
Sign up for CIO Asia eNewsletters.