the pact does not include sufficient ANY REAL protections
FTFY
Privacy Shield – the new US-EU agreement on sharing people's personal information – may be in doubt after the German privacy agency said the pact does not include sufficient protections. A document was posted on the agency's website noting that it was "not yet in a position to confirm that the current draft adequacy decision …
My understanding is that so long as user data my be coerced from, or provided voluntarily by, the company that the source of the data (usually the individual) did not agree to, or was never asked to, provide their data, it is in violation of EU Privacy regulations. Period. Since US law specifically allows various exceptions to the 'data contract' between the user and the US-based firm, it will never be permitted.
Privacy Shield, no Privacy Shield, simply does not matter as the dispute at hand is based upon US Law which hasn't changed. Period.
Or did I miss something?