All the points in the article are valid; the Judicial Redress Act is awful. But I still don't understand something. The FTC's argument is that the JRA doesn't affect Privacy Shield, because the JRA weakens the US Privacy Act, and Privacy Shield is not based on the US Privacy Act.
What exactly is the counter-argument there? Because if Privacy Shield does not depend on the US Privacy Act, then Europeans shouldn't have to care too much whether the US Privacy Act gets dumped in the crapper (now, everyone else, that's another matter).
Also, one or more of these organizations really need to go to the ECHR with this.