Answer given by Mrs Reding on behalf of the Commission
As a matter of public international law, a legal act enacted by a third country cannot be directly and automatically applied in the territory of the EU unless — exceptionally — Union law or Member States law explicitly recognises effects of such an act in their respective jurisdiction. The Commission considers that when a law enforcement authority in the US realises that necessary information is outside its jurisdiction, the appropriate mechanism to obtain the data should be the cooperation mechanisms in place with EU Member States where those data are located, such as the EU‑US and the bilateral Mutual Legal Assistance agreement.
With regard to the US Communications Assistance for Law Enforcement Act, the Commission notes that this possible amendment is still under discussion and has not yet been tabled for adoption.
The Commission proposals of 25 January 2012(1) for a directive and a regulation on data protection acknowledge the necessity of cooperation, in certain cases, in order to allow for the exchange of personal data on important grounds of public interest, e.g. for authorities responsible for the prevention, detection, investigation and prosecution of crime.
When responding directly to requests from US authorities, companies may be in breach of national rules implementing the EU data protection acquis. Without prejudice to the competencies of the Commission as guardian of the treaties, it is up to the national supervisory authorities to ensure that transfers of personal data are made lawfully. When there is an indication that a Member State does not comply with its obligations under the Treaties, the European Commission may assess the need for appropriate action.