It's always been useless
Safe Harbour (harbor for USAians) is and has always been utterly useless.
The basic premise is that data is covered by the voluntary Safe Harbour agreement when it is stored for the specific purpose that it was registered for. For example a US company registers with Safe Harbour for the storage of EU personal data for the support of their product "ABC". Should this US company release another software package "DEFG" then the storage of EU personal data for support for this software package is not covered unless they specifically have another Safe Harbour registration for this as well. A US company stating that they have registered with a voluntary Safe Harbour agreement means nothing without examining the details.
While this seems reasonable given that the US company should only be storing EU personal data for the stated purpose, the reality is that most companies will forget that the data is to be used for a single specified purpose and merrily use it for other purposes or forget to register another Safe Harbour agreement. As a result, the chance of EU personal data actually being covered by a voluntary Safe Harbour agreement is pretty slim.
To compound the problem, while this data is in the hands of a US organisation, any US body with the legal authority to do so may request and must be given full access to this data. Once the EU personal data is in the hands of such a body the Safe Harbour agreement does not apply and this data may be used and disseminated at will. Again, this doesn't seem unreasonable until you understand that the scope of organisations able to demand this data is extremely wide and not just limited to law enforcement agencies, i.e. it covers every municipal and county service imaginable.
Even after all of this - what happens if a US company violates the voluntary Safe Harbour agreement for the storage of EU personal data? Absolutely nothing, that's what. There is no legal recourse as it's a voluntary agreement rather than a statutory requirement.