EU functionaries and airline officials are busy trying to find a fix so the deal can be put back in place. The court stayed its order until September, and chances are a solution will be found before then. Otherwise, transatlantic air traffic could be severely affected, and some airlines are already sounding dire warnings.
It's important to realize that the court did not say that passengers have a basic right of privacy, such that a deal like this one is inherently improper. The problem was that, in ordering the airlines to provide the information, the EU's Council of Ministers violated a privacy directive created by the all-powerful EU bureaucracy: the Commission. So presumably the directive could simply be amended, though EU law is such a byzantine and boring subject that I can't claim to know what complications might be involved.
However, I can attest that this particular complication sounds very much like the EU that I know and love:
It is understood the commission will look at drawing up a new directive by the end of September, which will be difficult because Brussels shuts down for six weeks over the summer.
Even if the deal can be rehabilitated eventually, privacy advocates are happy about the court's decision. They've been going on TV to tell everyone that the US system doesn't make anyone safer, and in fact it's counterproductive because it produces a flood of data that security agencies can't handle.
I don't know about that, but I did find this both amusing and troubling:
On numerous occasions, European aircraft have had to turn back halfway across the Atlantic because the US homeland security department has "red flagged" a passenger on board after studying data provided by airlines.
In many instances, this has been a result of mistaken identity - in some cases caused by spelling or other errors on the US authorities' watchlists.