First, moving to a big city has been an option in most of Europe at least since the 19th century.
Second, Privacy legislation like in Germany does work, e.g. it has happened to me at least once that an Agency that I parted in a bad way (basically the customer was very embarrassing for the Agency, and I milked them by basically offering to discuss the dirty laundry of said customer in Court) has offered me a new contract only two years later on. Reason: Storing more than what is necessary is not legal, so most Agencies in Germany do not have databases storing long details about contractors, OTOH, they did have my CV in their DB (I supplied it to them, so they had the right to store it), and their IT could tell them that I had worked in the past (keeping invoices for accounting purposes is a legal requirement). The employees that had dealt with me, had moved on, so the only people who might have commented on my unfriendly (even if legal, I just insisted on my legal rights, which is something many contractors don't know about, and the others usually don't insist on them) behaviour where basically the CEO and the legal counsel. Both not guys you would ask about random potential contractors.
So yes, arguably, the European system of privacy protection DOES (or CAN if enforced) work. Think HIPAA, but applied to all areas, with certain shades of grey (different data about a person requires different levels of protection, e.g. you really really have better an explicit legal requirement to store say the religion or medical data about a person, these are are considered highly sensitive)
The problem is that it's completely incompatible with the way the US system works. (It's not only the Patriot Act, it's also the civil court system with subpoenas and so on, which treat personal data in the US completely incompatible with the EU requirements) And for the moment, the European pols have decided to look away. As always that works for some time, but now the Courts are slowly (really slowly) starting to point out issues.
What the real issue here is, IMHO, is that this "looking away" is giving an unfair competitive edge to US companies, which regularly are doing stuff with European data that would be strictly illegal for European companies. (I happened to have worked as a freelancer for US and for European companies)
So basically, the EU has basically the following options (ordered by personal preference):
1.) enforce the Privacy guideline also against US companies.
2.) drop the Privacy guideline and go with the US model where personal data is owned by corporate entities.
3.) do nothing, meddle through like it's currently doing.
The sad thing is, that if you order it by likelihood of implementation, you get 3-1-2. (3 because that's what the US lobby is working for, because 2 is unlikely, considering that Privacy is a basic (constitutional, even if we don't call it that way in the EU, it's always "Treaty of X" or "Treaty of Y", the pols got burned quite a bit when they tried to create a document called "EU Constitution") Human Right.