...Since Bowden’s report, several amendments to the data
protection reform bill have been put forward, and they appear to
be directly aimed at addressing potential U.S. snooping. One,
proposed by Dutch member of European Parliament Sophia in 't Veld,
would prohibit the transfer of personal data to cloud services
under the jurisdiction of a “third country” (such as the United
States) unless various criteria are met. These include obtaining
the consent of the citizen and ensuring that he or she is notified
of the “possibility of the personal data being subject to
intelligence gathering or surveillance by third-country
authorities.” A similar amendment put forward by Greek MEP
Dimitrios Droutsa would also require that citizens are notified if
their data are to be transferred to a third country’s
jurisdiction. And another, proposed by Spanish MEP Carmen Romero
López, would encourage whistleblowers to expose “unlawful
processing of personal data” in cases involving third countries,
offering safeguards against “laws prohibiting the uncovering of
such unlawful processing”—which could include state secrecy laws
designed to prevent disclosure of surveillance tactics.
(for those who haven't seen the report to EP, the gist is well
covered
here)