A ruling due next week from the EU's top court on a long-running transatlantic pact on private data could affect all legal ways of moving such data from Europe to the US, lawyers say, potentially disrupting the everyday online transactions of thousands of companies.
Under current European privacy laws, companies are forbidden from transferring European citizens' personal data to countries deemed to have lower privacy standards - such as the US.
However, given the sheer volume of transatlantic data traffic, the Safe Harbour framework agreement was established 15 years ago to enable companies to easily transfer personal data to the US without having to seek prior approval, a potentially lengthy and costly process.
But the European Court of Justice (ECJ) will next Tuesday rule on the continued legality of the Safe Harbour agreement, which is now used by companies such as Facebook and MasterCard.
Last week, the court's adviser, the advocate general, said the agreement should be scrapped following the 2013 leaks from fugitive Edward Snowden about mass electronic surveillance programs conducted by the US National Security Agency.
While it was a non-binding opinion, in most cases judges tend to follow the advocate general's advice.
The case before the ECJ specifically concerns whether the Safe Harbour pact is binding on the national data protection authorities in the light of Snowden's allegations. However, lawyers say the repercussions of a negative ruling could prove far wider, while Washington is already smarting over the Snowden allegations being deemed as fact by the advocate general.
"The same issue would also still exist whatever other mechanism you use to transfer personal data," said Monika Kuschewsky, a lawyer at Covington & Burling.
"None of these other mechanisms excludes US intelligence services from accessing that data."
EU officials also said none of the other mechanisms, for example standard contractual clauses establishing privacy standards between companies, provide any stronger protection against US mass surveillance than the Safe Harbour pact does.
The time frame, too, could be tight unless companies already moved to establish an alternative legal framework.
"A lot of people are worried," Kuschewsky said.
US irritation
Meanwhile, US officials say a ruling in line with the opinion would have a negative effect on transatlantic relations, just when the fall-out over Snowden was starting to dissipate.
The EU and US recently agreed a separate data-sharing agreement for security purposes which hinges on the US Congress passing a law giving Europeans the right to sue the US authorities when their data is misused.
Now, some in Congress may ask why Washington should bother.
Despite the uncertainty as to the line the court will take, lawyers have been advising companies to put in place contingency mechanisms to ensure the everyday transfer of personal data - including employee data - can continue uninterrupted after Tuesday.
"Now is the time to take action if you are currently relying on Safe Harbour to justify transfers," said Ross McKean, partner at law firm Olswang.
Lawyers say the court could leave some breathing space for businesses if it were to annul Safe Harbour by declaring it invalid from a future date.
It could also give the commission - which is negotiating a revised Safe Harbour framework with the US - time to address its concerns and present a strengthened system.