1. An AWS Ireland instance bought by a EU member: here the storage box analogy should apply fully. The data is indeed geographically located and being operated within that geography. US courts need to accept that they need to go through the local authorities to get a warrant for that data just like they would for any physical good.

2. A worldwide distributed database like the Facebook graph: here the analogy breaks down completely and the US courts are taking advantage of that to access anything they like. I'm sure their tune would change if suddenly the Chinese authorities forced the local Facebook subsidiary to hand over all the data of US citizens. For this the solution will need to be an international arbitration for data access. If the database is not geographically bound then the mechanism to ensure its privacy will have to be international as well.

I think the Microsoft case was of type 1 and so new laws should not be needed. Cases of type 2 will be much harder and it may very well mean that Facebook becomes de facto illegal in Europe.