Everyone in Europe I talk to about online data agrees that this isn't empty talk. Practically, it really isn't possible today to avoid, in a meaningful way, some of your data or data about your usage of the Internet ending up in the US.
But, I would argue that this is more of a change in mindset and awareness at this point, which eventually will force changes. Companies or local government will want their data to be stored in a jurisdiction where they at least have an influence over how it is protected. Balkanisation may be the result, or ineffectual laws and regulations, maybe even something useful. But I believe something will happen.
I'm surprised to see the focus on jurisdiction versus other more effective methods, like open-source encrypting locally prior to moving the data off-site. Key control and eliminating the need to trust third parties is the way forward, not trusting that some government somewhere is going to follow the rules perfectly. This also has the added benefit of protecting against unauthorised third parties gaining access via back doors or hacking, etc.
These ineffectual laws and regulations you warn about are already in place. That's a dead end. It is time for people and corporations to take charge and make their data safe before it leaves their control. We've seen this happen on a big scale with Google now supposedly encrypting data between data centers, and on a (much) smaller scale with people like me using EncFS to encrypt before moving online backups to Dropbox.
I agree that encryption could mitigate the actual threat posed by government mass surveillance, but I also wonder how much of the new language in contracts is about consumer perception and boycotting.
That cuts both ways. As a US citizen, I have no reason to believe my data is safe, say, in Germany, and certainly not in France, who have been caught using their spy agencies to spy on US companies before. What enforceable mechanism has the EU provided US citizens regarding data safety? How can I, as a US citizen, audit what access an EU government has had to my data?
So, yes, Balkanization is the only likely outcome, without a one-world-government and one-world-policing.
Then you obviously didn't talk to the Swedish legislator that was perfectly fine with the fact that foreign surveillance agencies could read her email.