Pretty much what it says on the tin. If it's stored on a cloud service controlled by a US company, the data can be seized under US law.

Microsoft UK's MD took a question at the Office 365 launch about whether EU-stored data could be seized under the US Patriot Act, and if so, whether customers would be notified. The answer was "yes, and "maybe" respectively, pointing out that just like any other company, they have to comply with local laws:

Though he said that “customers would be informed wherever possible”, he could not provide a guarantee that they would be informed — if a gagging order, injunction or U.S. National Security Letter permits it.

He said: "Microsoft cannot provide those guarantees. Neither can any other company".
(Full article)

Hopefully this will finally put paid to the FUD that keeps being perpetuated about how Office 365 is somehow magically better in terms of Data Protection than Google Apps. It's not. They both kinda suck.