Most large European corporations have known this for ages, and it's still a big obstacle for cloud offerings here in Europe when dealing with sensitive (or just very bureaucratic) engagements.
I know of at least one (massive) US company that had to create a special data centre in the UK to host sensitive financial data for a (massive) bank, because US-based servers were a huge no-no due to Patriot Act. In that case, it was promised that the provider might have to comply with US requests anyway, but would have been entitled to at least notify the client in advance... and I bet there was a huge discount to sweeten the deal.
I know of at least one (massive) US company that had to create a special data centre in the UK to host sensitive financial data for a (massive) bank, because US-based servers were a huge no-no due to Patriot Act. In that case, it was promised that the provider might have to comply with US requests anyway, but would have been entitled to at least notify the client in advance... and I bet there was a huge discount to sweeten the deal.