Uncertainty around the future of trans-Atlantic data transfers leaves more than 4,000 companies on both sides of the ocean that had signed up to safe harbor in limbo | Getty Images Privacy shield dead on arrival The EU-US data transfer plan took several tough hits over the past week.

The latest attempt at an EU-U.S. deal to protect data transfers of everything from family photos to payroll information appears to be on the same path as the last collapsed effort.

The main stumbling blocks, again, are European privacy standards, U.S. exceptions that allow for broad surveillance, and concerns about the independence and power of an ombudsman who will review complaints if Europeans feel their data are mishandled by American authorities. Some of those are the very same issues that scuttled the earlier proposal, known as safe harbor.

The blows to the draft came in quick succession over the past week. On Tuesday, European Data Protection Supervisor Giovanni Buttarelli said the shield would need "robust improvements" to withstand challenges in the courts. Then on Thursday, the European Parliament passed a resolution that the latest pact, the so-called privacy shield, violates the European Union’s Charter of Fundamental Rights. And sources briefed on the talks said the U.S. has made it clear it will not budge on issues of national security.

The European Commission pushed back a deadline it set for itself to finalize the agreement by end of May to sometime before “this summer," but isn't giving up on the agreement struck with Washington in February. Ruling out any renegotiation in the wake of pushback from EU national regulators and the Parliament, EU officials say they're going to implement the accord, knowing that court challenges are inevitable. Those challenges could take years to get through the court system.

"We keep thinking we're going to reach a date and from that date onwards we won't have any more issues. That won't happen," said David Hoffman, global privacy officer at Intel. "The idea that we're going to solve the international data transfer issue with privacy shield, to me, is an incorrect assumption."

Uncertainty around the future of trans-Atlantic data transfers leaves more than 4,000 companies on both sides of the ocean that had signed up to safe harbor in limbo. Champions of the data pact reacted with frustration to the latest political setbacks in Europe.

"Europe risks drifting into data isolation," said Christian Borggreen, director of the Washington, D.C.-based Computer & Communications Industry Association. "Its tools for data transfers to the world are increasingly challenged."

Julie Brill, a former commissioner of the U.S. Federal Trade Commission, agreed. "There are some big decisions that European legislators will have to make concerning the way they stand on data versus the rest of the world."

There was more bad news for the industry last week. The Plan B measure many companies have been using for the past seven months is in jeopardy. The Irish data protection commissioner said that Facebook was illegally transferring data using “model clauses” — a fallback many companies used after the European Court of Justice struck down privacy shield's predecessor safe harbor.

Such standard contractual snippets are approved by the Commission, but the Irish data protection commissioner said they also violate the EU's rights charter because citizens can't seek reparation in court if their data is mishandled by U.S. authorities. Ireland will ask the Irish High Court to refer the case to the European Court of Justice.

"It is unreasonable to ask companies to reinvent their practices all the time. We need more legal certainty now, not less," said Paul Meller, spokesman for DigitalEurope, which represents the interests of tech giants like Apple, Google and Microsoft.

Despite the mounting obstacles, the European Commission and U.S. regulators contend the privacy shield will be approved and provide companies the legal cover they need.

The European Court of Justice struck down the safe harbor pact in October, siding with Max Schrems, an Austrian privacy activist, against Facebook. Under safe harbor, companies self-certified that Europeans’ data had the same level of protection in the U.S. The revelations of Edward Snowden showed that was untrue.

There is little doubt the privacy shield will be equally challenged. "As long as far-reaching U.S. surveillance laws apply to [companies], any legal basis will be subject to invalidation or limitations under EU fundamental right," Schrems told POLITICO.

The European Parliament's resolution on the privacy shield acknowledges its improvements over the safe harbor pact, but pointed out that U.S. intelligence services can still snoop on EU citizens' data in ways that "does not meet the stricter criteria of necessity and proportionality as required under the Charter [of Fundamental Rights]” — one of the reasons safe harbor didn't survive the beating at the European court.

Making the changes the Commission requested is delaying the final text. The so-called Article 31 committee of national representatives across Europe is scheduled to meet June 6 and June 20 in hopes of getting the deal approved. The aim is to present it at an informal meeting of EU ministers July 7 at the start of the Slovak presidency of the EU Council.

That moving target is a problem for companies. "Either they go for the bitter pill to swallow and choose providers that keep their data in Europe ... or they take the risk of relying on instruments that are being challenged," said Peter Van Dyck, privacy lawyer at the law firm Allen & Overy. "I think that, at this time, they'll have to take the risk."