Hosting data locally in EU doesn't solve privacy problem because the servers are still operated by USA companies that can (and obviously will) share the data with NSA. The solution is to create more local services so the data never leave the country. It is also better economy-wise so the money stay in the country too.
That's one thing that the GDPR (General Data Protection Regulation)[0] which is in the legislative pipeline at the moment is looking to fix.
The proposals include being able to levy a fine up to €1,000,000 or up to 5% of the annual worldwide turnover (whichever is greater) if they fail to comply with EU data protection rules.
