It's not at all surprising, especially after they passed a law (the CLOUD act) specifically to get around that pesky problem of having to ask a foreigner for assistance if the information is stored abroad. The fact that any data stored anywhere where it is accessible to someone based in (or with links to) the USA is "fair game" to any Tom, Dick, or Donald with an official ID to go rummaging through it at will is why Safe harbour got canned, why Privacy
ShieldFigleaf got canned, and why any similar replacement will get canned just as soon as the process can drag itself through the courts in the EU.
Yet, I know for a fact that despite MS USA proving that it could reach out and grab data held in a data centre in Ireland, the cloud providers are still selling a false tale of security. And people who really ought to know better are busy selling services like Office 36
5 4 3 (or whatever they've gone down to so far this year) as secure and "there's no problem with GDPR as the data is held in an EU data centre" to small businesses who don't have the knowledge to query these blanket statements of "fact". Oh how I wanted (at my last place) to tell some of our clients the truth - there was a reason I was kept away from clients !