Professor Bignami's take on the matter is original and insightful. She asks whether the NSA call database would have complied with EC data protection law had a government of a member State of the EC tried to set it up instead of the US government. To answer that question, she describes and analyses all the conditions which would have to be complied with in European law.
To see her answer, go over and read her post for yourself.
But the interest of the post lies not only in her deft analysis of EC law but in the fact that Professor Bignami undertakes a clever comparative analysis of US and EC privacy regimes. The consequence is that one can see how much the two legal systems have diverged since the 1970s having started out together on a similar footing with similar concerns.