Business lobbyists were predictably supportive of the new deal.
"Privacy Shield sets a new high standard for EU-U.S. data transfers. It is a major privacy win for consumers and it provides legal clarity for thousands of European and U.S. firms," said Christian Borggreen, European director of Computer and Communications Industry Association, whose members include the likes of Amazon.com, Google and Microsoft.
But it's not just big business that will benefit, according to BSA The Software Alliance, a group that promotes intellectual property protection. The alternatives to Safe Harbor have been particularly burdensome for small businesses, BSA President and CEO Victoria Espinel said.
"The free flow of data is vital for the transatlantic economy. We are talking about at least half a trillion dollars' worth of commerce annually," said Spinel. "The movement of data across borders enables European and US companies to offer the best services and products to consumers. It is also essential to creating the economic growth and job creation that is so important in both the US and EU."
But Jourová's nice distinction between bulk data and mass surveillance didn't impress campaign group European Digital Rights (EDRI), nor Max Schrems, the Austrian whose complaint to the Irish Data Protection Commissioner about Facebook's handling of his data ultimately led to the CJEU ruling.
"In Annex VI of the Privacy Shield decision, the US government explicitly confirms that U.S. services conduct 'bulk collection' by using data from U.S. companies. While the U.S. highlights what it called limitations (for example for only six broad purposes), the mere possibility of such mass surveillance is contrary to the CJEU judgement," Schrems said via email.
EDRi Executive Director Joe McNamee doesn't give Privacy Shield long: "We now have to wait until the Court again rules that the deal is illegal and then, maybe, the EU and U.S. can negotiate a credible arrangement that actually respects the law, engenders trust and protects our fundamental rights," he said.
Schrems isn't planning an immediate legal challenge to Privacy Shield, but suspects that there will be no lack of possible plaintiffs.
One potential complainant stepped forward almost immediately. The Article 29 Working Party, composed of the EU's national data protection authorities, said Tuesday it is analyzing the final texts of Privacy Shield and will meet on July 25 to agree its position. The working party was critical of the early draft, in particular the way it left the door open to indiscriminate mass surveillance of Europeans' data by U.S. authorities.
Privacy Shield will take effect as soon as member states' governments are notified, something the Commission said it planned to do later Tuesday.
The U.S. Commerce department will accept Privacy Shield self-certifications from Aug. 1.
Sign up for CIO Asia eNewsletters.