The EU is currently arguing that IP addresses should be considered personal information and fall under data protection regulation. However, the Viacom case is showing that, as privacy advocates have been arguing, this may mean zilch in real terms.
Once EU users access a service, their details can be stored on servers anywhere in the world and the provenance of those details, in legal terms, becomes murky. Yes, they may be data theoretically protected under EU law but in practicality - as with the Google data - once those details are on US or other servers and demanded under US law for a case that has nothing directly to do with Europeans, it is going to be handed over despite EU protestations - if any.
If the data is, rightly or wrongly, so easily surrendered for a mere commercial case (and some prominent US privacy lawyers argue the Viacom judge was wrong to do so), then one can imagine the ease with which law enforcement might get hold of similarly highly revealing information.
All of which begs the question: what does online privacy really mean? Are EU data safeguards just political window dressing and if so, how can our privacy be better protected, as so many aspects of our private lives move inexorably online?