Snowden opened the lid on a whole load of things National Security was doing that we didn't know about. I do not think post-Snowden overnight we are aware of everything that is now being undertaken by "National Security" and herein is the problem. Its National Security, not International Security or EU security even within the EU, so countries are going to a greater or lesser extent protect their sovereign interests.
The realistic prospect of the USA having a sound privacy framework we can trust when the USA does not participate in the International Criminal Court (ICC) suggests to me that privacy compliance is merely to satisfy commercial interests rather than being interested in fair play. Look at the US issue with Apple and the FBI and imagine how that might play out if other countries were involved?
International privacy agreements / law one way or another for many years is going to be a mess. We are going to need to trust the provider of the solution, hardware, software or cloud to act in our best interest and protect our data as they have a commercial interest in ensuring we trust the brand to continue to buy from them.
To me the irony is the messier it privacy law becomes, the more cognizant companies need to be aware of the potential commercial risks associated with having data located in one country or another. Safe Harbour was always a bit of a kludge and with its demise, my hope is companies that think about the bigger picture regarding data privacy and have a strategy to address this minefield.