Answer given by Mrs Reding on behalf of the Commission
The Honourable Member refers to the suggestion of a Dutch Minister that public authorities could set a requirement in a contract on service providers not to transfer European citizens' personal data to the US authorities under the Patriot Act.
At this stage, the Commission is not in a position to assess comprehensively the compliance of such requirement with EC law or obligations under the WTO's Government Procurement Agreement (GPA). The Commission notes however that under the GPA suppliers from the USA do not have a right of access to subcentral procurement for services in the EU.
Entities operating in the EU territory, regardless where their headquarter is, have to comply with EC law in general, including data protection rules and contracting authorities may set, in compliance with the applicable EU public procurement rules, requirements in their procurement that ensure compliance with these rules.
Following the reply to Written Question E‑006901/2011(1), the Commission has discussed with the US counterparts the requests to obtain data on the basis of the US ‘Patriot Act’ from private entities having a presence in the US and with processing activities in EU. The Commission's understanding of these discussions is that in case requested data are located in the EU, the US authorities will seek assistance from the relevant Member State using existing police and judicial cooperation channels, such as the EU‑US Mutual Legal Assistance agreements.
The Commission will continue the dialogue with our international partners, Member States and their authorities, including data protection authorities in order to identify the best solution to address the issue of access by law enforcement authorities to data outside their territory.