Europe is already covered by the European data protection directive, recently updated in 2012 and 2013.
The directive, essentially, makes the whole of Europe a data enclave, out of which data can only be passed if it's subject to the same laws as would apply within that enclave.
Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.
We (UK personally) already have the data protection legislation in place. The law is very clear on what's allowed. But the laws just aren't being followed.