In case you missed it, Microsoft opened a can of worms in June when they were the first US company to finally admit that they would release data from any of their global datacentres if requested by the US goverment under the patriot act. This contravenes European data privacy regulations, and when you consider the kinds of data US companies hold (Lockheed Martin and the UK Census data for example!) it’s worrying. 

The EC’s justice commissioner Viviane Reding met with German Consumer Protection Minister Ilse Aigner last month, and it sounded promising.

We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud’.

Now ZD Net have published the draft documents, due to be released in January 2012. They look good, and comprehensive.

If the new act is broken,  member states’ data protection authorities will be able to impose sanctions, which can range up to a maximum of 5 percent of a company’s annual worldwide turnover. 

More from zdnet here http://www.zdnet.com/blog/london/european-data-protection-law-proposals-revealed/1365?tag=search-results-rivers;item5