The main problems with all of this discussion about the legal aspect is it relies on all gov doing the same thing in law as the EU standard and companies honouring that as well. Both as slow and unlikely to happen, and also likely to get screwed over by some gov deciding to change the law on slurping (or just doing it by the back door of secret court orders).
But there is the option of encrypting a customer's data with their own key(s) in such a way that the cloud service never has access to said keys. In that sense it matters not one hoot as to where your data is because its always under your lock & key.
Yes, I know it might not be fully NAS-proof if they took a fancy to it, but it is enough for companies to be able to honestly say they cannot prove clear-text data, so there is no point in asking. In addition there is little to no risk of accidental disclosure to a corrupt cloud company employee, discarded equipment, sale if cloud company goes in to administration or is taken over, etc...
Of course that has its own issues, and is not going to go down well with data slurping companies like FB, Google and (sadly now) MS where scanning your data to whore you to advertisers is how they make a living. They could work around that to have a decent compromise, but without all of the lovely profitable user-identifying data to play with. So bugger-all chance of them volunteering to do this.