...

I've heard noises from Spanish, Dutch, French and German data protection agencies that suggest they are not at all happy with the US because there seems to be a total unwillingness to cnform to international obligations entered into by the government (especially if the administration that signed the treaty was a different part from the current one). One of the Commissioners was also pushing on this about a month back, I can't remember which one.

I think people in the USA have problems understanding why the European reaction is what it is. The reason for it isn't that some military guy with good access decided to blow it all. It's not even that what he blew is directly relevant to European concerns about data protection (although European concerns about human rights have been brought into play). It's that what he blew confirms what people have suspected for a long time; that as far as the USA administration and some of the government agencies are concerned the (USA) law doesn't matter, the constitution is irrelevant old hat, and anything goes. The latest relevations aren't directly relevant to data protection issue but if that's how well you lot protect really secret stuff how well should we expect you to protect merely "safe harbor" stuff? And they have tended to give the impression that the NSA (and perhaps some other agencies) and the administration are not interested in any limits that the laws (or the constitution) of the USA places on them, which makes it pretty obvious that they won't care a toss about treaty obligations or international law either. And it was proved 11 years ago that your really secure military systems were secured to a level vastly inferior to what the average 11 year old could manage (google Gary MacKinnon; yes, he was more than 11 years old; he was also a nutcase, trying blank and default passwords, not a competent hacker). So there's always been distrust in your capability to meet your obligations; and evidence that your government and your NSA don't care about your own law doesn't encourage trust in your intention to do so.

So what it comes to, is that a lot of people in the EU are saying something like "if they appear neither willing nor able to meet their obligations to keep this data secure and to refrain from using it for any purposes other than those agreed, hadn't we better stop letting them see it?".

In my view, the people saying that are right. In my government's view (I'm a Brit) they are wrong. Other EU nations have different governments with different views. If you look at El Reg (you should be able to guess which that is of the sources of articles I listed above - it refers to itself as "el reg" just to annoy its majority audience, who are as anglophonically monolingual as the average American) you'll find a big variety of opinion - but do read the comments as well as the articles if you want a feel for how people (at least people with an IT connection, somehow, maybe just a vague connection, who like provocatively presented news in English) are thinking. About the end of August for the date, I think - could well be wrog, though.