Please see this report, “commissioned by the European Parliament’s Policy Department
for Citizens’ Rights and Constitutional Affairs at the request of the LIBE
Committee [Committee on Civil Liberties, Justice and Home Affairs],” here.
From the Executive Summary of the report:
Generally, it can be concluded that the EU data protection framework in the law enforcement sector is shaped by comprehensive data protection guarantees, which are codified in EU primary and secondary law and are accompanied by EU and ECtHR case law. In contrast, US data protection guarantees in the law enforcement and national security contexts are sector specific and are therefore contained within the specific instruments which empower US agencies to process personal data. They vary according to the instruments in place and are far less comprehensive.
Above all, constitutional protection is limited. US citizens may invoke protection through the Fourth Amendment and the Privacy Act, but the data protection rights granted in the law enforcement sector are limitedly interpreted with a general tendency to privilege law enforcement and national security interests. Moreover, restrictions to data protection in the law enforcement sector are typically not restricted by proportionality considerations, reinforcing the structural and regular preference of law enforcement and national security interests over the interests of individuals. Regarding the scope and applicability of rights, non-US persons are usually not protected by the existing, already narrowly interpreted, guarantees. The same is true with regards to other US law. When data protection guarantees do exist in federal law, they usually do not include protection for non-US persons.