Patrick Baillie, CloudSigma CEO, recently wrote a primer in Forbes magazine on EU vs. US data privacy and disclosure requirements. You can read his article, Can European Firms Legally Use U.S. Clouds To Store Data, here.
His main point is that the two systems’ divergent claims on SaaS providers cannot be mediated — in short, Baillie says that if you work with a US provider or even a US data center physically located in the EU, you may have put yourself and your company at considerable risk under EU regulations.
He may or may not be right, at least about the data center part. I would think (I would hope) that EU physical presence means that local jurisdiction trumps foreign government claims via US-based group companies.
The jury’s still out on this issue. Right or wrong however, the article is worth reading.