The problem is simple: Privacy Shield is a *trade* agreement
The problem really lies on the US side (no surprise there, sorry): although the Privacy Shield agreement is mainly a tool to stop an all out trade war (or, to be precise, a mechanism by which US companies can continue to make vast profits off the private details of EU citizens), there is no actual legal match between the two entities.
US law has at federal level so many backdoors (they seem to love them over there) that privacy protection for even US citizens is but a vague and as yet unsubstantiated rumour, which is wholly at odds with the EU situation. As that gap is unlikely to be addressed (because, you know, profit), any attempt to pretend it's all fixed is just marketing and, to be frank, the same BS we were served even befoe Safe Harbor died.