Safe Harbour was designed as a "streamlined and cost-effective" way for US firms to get data from Europe without breaking its rules.
Companies in the US were able to self-certify that they had put the appropriate data privacy measures in place.
In the wake of the Snowden allegations, the top European court has ruled that Safe Harbour is invalid.
The White House has expressed disappointment that a "critical" agreement had been struck down because of "incorrect assumptions about data privacy protections in the United States".
But the question is - what's changed?
I've spent the day canvassing the views of firms in Silicon Valley. Most didn't want to talk on the record and were taking a wait-and-see approach as to what happens next.
Of those that did have something to say, here's a selection.
Microsoft provides cloud services - online storage - for many businesses around the world. In a blog post, the company said: "For Microsoft's enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place."
But it called for renegotiation of Safe Harbour to be swift.
"Many European nations are currently considering amendments to their surveillance laws. Rather than just expand governments' surveillance authority as some are seeking to do, the focus should be on striking the right balance between security and privacy without sacrificing one for the other."
The Internet Association represents some of the biggest players in Silicon Valley and beyond, including Twitter, Google, Facebook, Netflix and Uber.