The disclosures around the National Security Agency's Prism project have reignited simmering tensions between Europe and the US over privacy.
There are strict guidelines around how data about European citizens can be treated if it is exported outside of Europe. European Commission vice president Viviane Reding has written to US Attorney General Eric Holder with a number of questions about the surveillance programme, and whether it has targeted European Union citizens; she plans to raise it at a meeting with him in Dublin later this week.
US director of intelligence James Clapper has described Prism as a "an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence".
Reding took to Twitter today to voice concerns about Prism, saying: "This case shows why a clear legal framework for the protection of personal data is not a luxury but a necessity," and added: "European citizens expect 100 percent respect for their fundamental right to have their personal data protected."
It's not a new issue, but Prism has certainly reignited the issue, and it has been raised before by Europe in the context of the negotiations concerning the EU-US data protection agreements around policing.
The European Commission argues that the data protection reform, which aims to upgrade its 18-year-old data privacy legislation, should give it a framework to deal with issues such as Prism (in particular the section knownas "Recital 90").
And among other things, the proposed legislation includes a "right to be forgotten" which would allow EU citizens to ask that their data be deleted if they no longer want them to be processed and there are no legitimate reasons for keeping them.
The Commission wants to implement new rules to clarify legal grey areas; for example, when companies collecting and handling personal data of Europeans could end up faced with conflicting laws in two different countries, and having to chose between them.