As an european, and IMHO, the deal is useless.
We need to file a case on our country Data Protection Org. that will review the case and escalate it to US (if I understood correctly)... to many steps that will end in a dead-end.
Protection should be implemented by default not on user request.