Sec. 14. Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
This means US agencies shall not apply privacy regulations to foreigners. This might threaten the new Privacy Shield agreement between the EU and the US which requires a data protection level comparable to EU standards in order to allow transfer of personal data to the US. Companies might therefore face legal uncertainties in future when they process personal data under US legislation. To avoid those risks, European companies should rely on European infrastructure providers solely.
Further details at heise.de (in German).