The French national prosecutor’s office in Paris has opened a “preliminary investigation” into the National Security Agency’s (NSA) PRISM surveillance program, French media reported on Wednesday. (Don't forget, France's own spy agency, the DGSE, likely engages in similar practices.)

The inquiry has been underway for over a month, but it's only now being publicly disclosed through an anonymous judicial source who talked with the Agence France Presse (Google Translate). The investigation began on July 16 to investigate the “illicit collection of personal data” of French citizens.

Two French human rights groups, the International Federation for Human Rights (FIDH) and the French Human Rights League (LDH), filed a complaint against “persons unknown.” However, they did name a slew of tech companies previously identified in the Snowden disclosures as “potential accomplices” of the NSA and the FBI. (Read the July 11, 2013 French-language legal complaint here as a PDF file.)

Earlier this month, the “Article 29 Data Protection Working Party” (the pan-European Union group of data protection officials) collectively wrote a letter (PDF) to the EU’s justice commissioner, Viviane Reding, expressing “alarm.”

The group’s leader, Jacob Kohnstamm, wrote:

The WP29 would however like to know when US authorities consider personal data to be inside the US, especially given the continuously increasing use of the Internet for processing personal data, where much information currently is stored in the cloud, without knowing the exact location of the datasets, and following the global scale of backbone networks and their inherent capability to convey a wide range of communication services. It needs to be determined whether data on communication networks that are only routed through the United States (data that are in transit) are also subject to collection for the aforementioned intelligence programs. To this end, WP29 has so far considered that European law does not apply to personal data that is only in transit in the European Union, following article 4(1)c directive 95/46/EC. Applying the same reasoning would suggest that US law should not apply to data that is only in transit on its territory.

There's been no word as to what action, if any, the European Union can take in the situation.