Rules on data export
The rules on the export of personal data (of which the content of an email between individuals would be an example) are clear and covered under the European data protection laws. It is an offence to 'export' data without the recipient being designated a data processor and the relevant contracts already being in place. See the Reg article here : http://www.theregister.co.uk/2010/05/19/eea_personal_data/. It is also very clear that it is the location of the data controller that is the key - and data controllers must be in the local EU jurisdiction.
There is clearly no blanket exclusion to this that would allow companies whose ultimate ownership is outside the UK to export personal data, even where the legal authorities in the requesting legal jurisdiction demanded it. In fact there are specific agreements in place with the US for the sharing of airline passenger information with US Homeland Security.
The implications of allowing, for example, any foreign jurisdiction to force the export of criminal history, medical history, DNA information, financial transactions would be quite substantial. As someone pointed out, much (probably most) of the UK government's data is held in data centers owned and run by US companies such as IBM, HP etc, so allowing this would mean that an arbitrary US court could request pretty much anything they wanted.
There are so many new (and often untested in court) laws around data privacy and security that this is likely to take some time to play out. It's even possible that it would be a serious criminal offence (aka computer misuse act) for a US based Microsoft employee to access private data held in Ireland against the local regulations - this would be considered the equivalent of computer hacking.
My understanding is that if Microsoft were to fulfil the request from the US court, then (assuming the data is personal, and is related to a EU citizen) then the registered data controller for that data in Ireland would have failed in their duty to protect the data and so Microsoft Ireland could also be fined.
If the data is pertaining to a US citizen located in the US then there is probably no breach, however if the individual purchased a service from the local service provider (i.e. the US based individual directly contracted for the service with, in this case, an Irish provider) then the law starts to become a little murky. I have no idea what the situation is if the US citizen happens to be in the US ...
All this, of course, depends on the T&Cs of the service that was purchased, and of course we all always read that small print, don't we ....