The news of the Safe Harbour bashing by the European Court of Justice is hardly a news since the EU directive 95/46 already affirmed the possibility of a local jurisdiction over transnational data-exchange.
The actual issue is that the data protection authorities didn’t have the courage to state it clearly before, leaving ISPs and Telcos without actual guidance and, more important, exposed to fines and sanctions.
As a matter of fact, the EUCJ decision doesn’t invalidate the core of the safe-harbour, unless for “safe harbour” we mean a way to export overseas personal data, claiming that EU data-protection authorities lost their jurisdiction.
From a corporate perspective, an issue to be dealt with in the EU toward USA personal data exchange, is to check whether the current agreements/policies actually comply with the directive.
From a concerned citizen perspective, the question to ask is: where were the data protection authorities until this decision was issued?
Once again, the inertia of the public services led to industry damages and low citizen’s right protection.