What isn't beyond EU policymakers is to simply say no to data transfers until the US behaves itself.
Although I'd agree, there are three problems with that.
1 - MASSIVE amounts of companies and people have fallen for the "your data is safe with us, we're the nice guys" ruse of the bigger data thieves such as Google and Facebook, or do you really think that any mention of the word "security" in any conversation is for YOUR benefit? That's not something that will unwind itself quickly, especially since myth 2 prevents company management from switching: it's "cheaper" (until it fails). If even the UK government uses Google for data internal to the government, what chance does the average citizen have? In that context I would like to visit a pox on companies that use things like Facebook and Twatter for their only customer interface because it forces their customers to agree to their onerous terms just to get support (we've canned 3 companies over the last month alone for trying this one).
2 - We don't have the same size companies here. The massive benefit of the US market is that it's unified, whereas in the EU we still basically have a lot of legislative islands. This means if you can spin up a company fast enough in the US (read: solve an actual problem and have lost of investor cash to keep pushing), you can become big VERY fast to the point that you can more or less buy the laws you have been ignoring up until that point. You can't do that in Europe, which makes for better and more ethical products but it makes it harder to get something sizeable off the ground. Not impossible, but *a lot* harder.
3 - the problem in the US is legislation, and that is not exactly a trivial one to fix. You cannot undo a mess that took over 2 decades to grow in a few years, especially not by proxy from the outside.
In that respect I laugh at the whole Privacy Shield idea: it's yet another ruse with a fancy name, but it is only a ruse, a mirage, a fiction. It is a political fix to for what is in effect a massive legal problem that cannot be fixed overnight.
Personally I'd prefer a holding pattern: no NEW services should be bought. Let be what is, and make people aware so they can exit the companies that use US resources, but make it impossible to buy NEW services. A slowing down revenue stream is far more effective than quick fixes because it cannot be explained away as a blip, it's a trend. And a trend is scary for people who are 90% emotional. (apologies for referring to this article again, but it's worth reading - not because of Trump, but because of the fairly sensible assertion behind it).