1. Is the Commission aware that on the basis of the Patriot Act, the US authorities can access personal data stored in the EU by companies with headquarters in the US? (http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225)
2. How does the Commission assess this situation against its statement in July 2007 (http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=P‑2007-3213&language=EN): ‘5. The Commission has examined with Member States’ data protection authorities whether organisations in the commercial sector with operations or activities in the US, in particular financial services companies, have been subjected to measures taken by US authorities, requiring them to provide them personal data stored in the EU. It appears that Member States’ data protection authorities are not aware of such measures, although one national data protection authority has however reported that some companies incorporated in its territory have been confronted with this request which was not made pursuant to legal instruments for international legal assistance. ’
3. Does the Commission consider that the US Patriot Act thus effectively overrules the EU Directive on Data Protection 95/46/EC?
4. What will the Commission do to remedy this situation, and ensure that EU data protection rules can be effectively enforced and that third country legislation does not take precedence over EU legislation?