the last reply made by @doublelayer most interests me. I would have thought that moving data dominion from Ireland (GDPR) to the USA (using some diluted GDPR analogue like Privacy Shield) would not make a significant difference to our rights as EU-located individuals.
This is obviously not the case, however, as FB would not have bothered if that were true...
An unambiguous GDPR environment, interpreted and enforced by each country's Data Protection Authorities should put the fear of god into the big US-based data-wranglers.
Unfortunately, we're already working to dilute and re-invent the GDPR into our own UK version, for the benefit of our big US-based friends and for government (ab)use..