We know it is a mess, but here you go for another:
For years now, reports have shown that US firms claim to follow privacy rules in order to obtain EU citizen information. However, no control, no checks, no nothing. Just take it. Several critial reports the last 10 years..nothing is done.
If there is no reward and only problems for safeguarding privacy, why should you?
Update: Public rewards EU parlementarians standing up though.