The article doesn't mention the "Safe Harbor" provisions. This is a negotiated exception to EU Data Protection - roughly speaking, US companies can export the data to the US, as long as they promise to give equivalent protection. Google uses this to allow it to operate with personal data in the EU.
If Google have exported the data to a US jurisdiction under Safe Harbor, then a subsequent PATRIOT Act request wouldn't need to involve any EU-stored data or EU companies.
This seems like a much more general issue with exceptions like Safe Harbor, and something that people/companies should bear in mind. Promises like "equivalent" protection don't help with new local laws which can always trump anything.
They certainly violated the spirit, but may not have violated any actual rules. I could imagine that there's some exclusion in the safe harbor rules for "national security".
It's not clear whether the Data Protection laws were ever designed to guard against national governments. I imagine that those who wrote them were really thinking about avoiding disclosure to private individuals or other companies.
If Google have exported the data to a US jurisdiction under Safe Harbor, then a subsequent PATRIOT Act request wouldn't need to involve any EU-stored data or EU companies.
This seems like a much more general issue with exceptions like Safe Harbor, and something that people/companies should bear in mind. Promises like "equivalent" protection don't help with new local laws which can always trump anything.