In the latest ripple effect from the European Court of Justice’s invalidation of the U.S.-EU Safe Harbor, German data protection authorities (DPAs) issued a position paper saying they will not approve any new transfers of personal data to the United States based on binding corporate rules (BCRs) and would audit transfers predicated on standard contract clauses previously approved by the European Commission. The DPAs also warned that the consent of data subjects may be a “sound basis” for transfers only “under strict conditions” ? and only in “exceptional cases” for employee data. This is another signal that, to some European DPAs, any transfers of personal data to the United States are now highly disfavored and will be subjected to close scrutiny ? and perhaps barred altogether in the not-too-distant future.