On October 6, 2015, the European Court of Justice (the European Union's highest court), struck down the US-EU Safe Harbor Agreement that previously provided companies to store personal data about Europeans on U.S. servers, and to transfer data to the U.S., without getting caught in Europe's web of country-specific privacy and data transfer rules. The Court's ruling threatens to wipe out 15 years of accepted business practices overnight.

From 2000 until this week's ruling, companies could internally control their data privacy activities as long as they certified that they were complying with the Safe Harbor Agreement. The Court ruled that this 15-year old self-certification system does not adequately protect Europeans whose data might be transferred out of the EU. Instead, the Court’s decision leaves it to each European country's regulators to evaluate all data transfer and protection systems under their respective jurisdictions. In essence, multinational companies must now comply on a country by-country basis instead of relying on one all-encompassing Safe Harbor.