After the ECJ’s Oct. 6 decision invalidating the EU-US Safe Harbor, all the European data protection authorities are facing an unprecedented situation: What will be the legal basis for personal data transfers to the United States? How will transfers be authorized?

The Article 29 Working Party, presided by French data protection authority (CNIL) president Isabelle Falque-Pierrotin, is seeking to find a coordinated response among all EU Member States. European Commission representatives have asked the national data protection authorities to find a solution and not to revoke authorizations granted to date.

For its part, the CNIL will be holding in the morning of Oct. 7 a special emergency meeting. The CNIL may decide whether past transfer authorizations are still valid; whether authorization must henceforth be given to each transfer; and if BCRs are now the only solution.