The European Court of Justice ruled that the decision to approve the data transfers, taken in May 2005 by EU governments and the European Commission, was "founded on an inappropriate legal basis".
The EU decision was blasted by civil liberties groups at the time, but the court did not rule on whether people's privacy was being invaded. In November, a top EU official rejected claims that the privacy of passengers had been violated.
The agreement between Brussels and Washington came as part of the security clampdown from the September 11, 2001, attacks in the United States.
Under the agreement, airlines would be obliged to provide the US authorities with up to 39 pieces of data on passengers and crew, including credit card information, addresses and telephone numbers, 15 minutes before a flight's departure.
US position
The US says the information helps identify potential terrorists.
EU and US officials say they are confident a solution can be found to enable the data transfers to continue.
Stewart Baker, an assistant secretary of state for the US Department of Homeland Security, said "I am confident that we will find a solution that will keep the data flowing and the planes flying."
It's really a problem for the lawyers, he said.
Washington has previously warned that it would impose heavy fines and deny landing rights for any airline failing to comply with the agreement.
The US authorities also said passengers would be subject to long security checks on arrival if the data was not sent in advance.
Detail of Appeal
The appeal to the European Court of Justice was brought by the European Parliament. The former president of the assembly, Pat Cox, said he believed that passengers' rights were being infringed by the transfers.
However the decision ruffled many feathers at the parliament because the assembly had been excluded from the process.
The Luxembourg-based top EU court gave the EU and the United States until September 30 to negotiate a new agreement. The data transfers can continue
until then.