The end of the article makes it sound like just adding a clause to the terms & conditions saying the user agrees to his data being stored in the US would be enough to bypass this. They just can't assume they have that right under safe harbour.

Hopefully they'll restrict that and require a higher threshold for consent than someone clicking "I agree" to 100 pages of dense legalese.