Ireland’s Data Protection Commissioner (DPC) said on Monday it was trying to ascertain if Yahoo’s decision to scan clients’ email accounts at the behest of the U.S. authorities last year broke European law.
Sources have told Reuters that Yahoo (YHOO) used a software program to sift through millions of emails for specific information related to national security.
At the time last month, the DPC said it was seeking more information from Yahoo. Now it has begun actively investigating the case, it said on Monday.
“We are in regular contact with Yahoo! EMEA (Europe, Middle East and Africa) in clarifying certain facts of this case and will then proceed to take appropriate next steps,” a DPC spokeswoman said in a statement.
Yahoo did not respond to a request for comment.
Last month, it declined to confirm whether Europeans’ emails were intercepted as part of the program. Yahoo said it complied with the laws of the United States.
Lawyers said mass surveillance of EU citizens email would be against incoming European Union data rules.
Get Data Sheet, Fortune’s technology newsletter
The DPC, the lead European regulator on privacy issues for Yahoo because its European headquarters are in Dublin, is trying to ascertain what exactly Yahoo did and whether it breached the privacy rules that prevailed last year.
“We are receiving active and engaged responses to our queries,” the spokeswoman said.
Analysts said the email scanning could prompt Verizon Communications (VZ) to rethink the terms of a planned $4.8 billion takeover of Yahoo.