17th Apr 2021


2013: Snowden was 'wake-up call' for GDPR

In the summer of 2013, American whistleblower Edward Snowden leaked highly-classified information from the National Security Agency, revealing that US intelligence services were collecting worldwide user-data from companies like Microsoft, Google, Apple, Yahoo, Facebook and YouTube.

At that time, the then EU commissioner for justice, Viviane Reding, was still trying to find majorities in the European Parliament and the European Council to update the 1995 Data Protection Directive, and replace it with the General Data Protection Regulation (GDPR) - which initially received a lot of criticism from MEPs and member states.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • 'The ethical problem comes when people starts handling their personal data without knowing the consequences of what they are doing,' said former justice commissioner Viviane Reding (Photo:

The contentious negotiations, very much influenced by intense lobbying from the US, radically changed after Snowden's mass-surveillance revelations.

"The Snowden scandal was a wake-up call, people suddenly understood that something very weird was going on and, all of the sudden, this triggered the question of individual digital rights," Reding told EUobserver.

"Citizens became upset against their governments, member states were aware that they could not block anymore [EU-wide] rules for the protection of digital rights, and European parliamentarians realised that their responsibility was to protect EU citizens' rights," she noted.

"I got a huge majority, almost unanimity, in the council and the parliament thanks to the Snowden revelations, so actually this scandal brought about the GDPR," she pointed out.

The GDPR's primary aim was to harmonise legislation within the bloc, and give back control to individuals over their data - but, so far, it has proven insufficient to change the behaviour of tech giants.

Now two years after its implementation, Reding argues that policymakers should concentrate enforcement efforts on "the systematic stealing of personal data for commercial or political purposes", since big tech companies "continue to steal" the data of individuals, without people's awareness.

"It is not enough to have a law, people need to be aware of what is happening," she said, adding that one of the most deeply-rooted problems of the current online ecosystem is related to this lack of consent.

"The consent [forms] are so complicated that nobody understands them. The law says very clearly that it needs to be explicit consent but, unfortunately, as it stands today, it is a 'tick-the-box' consent," she added.

This meaningless style of 'consent' has entitled big tech companies to gather trillions of data points about their users, for the core purpose of profit-making.

"The ethical problem comes when people start handling their personal data without knowing the consequences of what they are doing," warned Reding.

"But the misuse of personal data in order to influence the individual, against its own will and without that individual exactly knowing what is happening, is the real problem," she added.

The 2018 Cambridge Analytica scandal, in which Facebook users' data was collected without their consent for political advertising, once again set alarm bells ringing about the misuse of such mass-surveillance.

Both the Snowden and Cambridge Analytica scandals also undoubtedly raised awareness, helping citizens to understand the concept behind the 'Data is the New Oil' mantra.

But research shows that many European citizens still do not understand how online companies use their data.

That is why former commissioner Reding hopes for yet another wake-up call "that can help citizens at large understand that their data is something very personal and something that needs to be protected".

This article first appeared in EUobserver's latest magazine, 20 years of European journalism & history, which you can now read in full online.
EU's landmark GDPR failing to live up to full potential

The commission's two-year review also indicates that the authorities based in Ireland and Luxembourg - European headquarters to Google, Facebook, Twitter and Amazon - need a substantial boost in resources.

Will US privacy-lite hollow out GDPR?

Some say GDPR is the most developed data protection law in the world, but the US has opted for a very different approach - a "voluntary tool" based on privacy risk management.

EU warns Romania not to abuse GDPR against press

Romania's data protection authority has threatened a €20m fine against reporters investigating high-level corruption. The European Commission has since issued a warning, telling Romanian authorities to give press exemptions when it comes to privacy rights.

New GDPR enforcer says complaints imminent

The European Data Protection Board is a new EU body tasked with enforcing the EU's privacy laws with powers to impose massive fines. Its head Andrea Jelinek told reporters complaints against companies are expected to be immediate.


2018: Juncker: Far-right 'never had a chance' against the EU

The far-right rose in power over the span of 2017 and 2018. But for former EU Commission president Jean-Claude Juncker, they never posed a real threat. "They are not right because their basic societal analysis is wrong," he said.


2020: EU solidarity tested in face of Covid-19 pandemic

When decisive, coordinated action from EU institutions and member states was most needed to respond to the first coronavirus outbreaks, the bloc struggled to find a common and timely response. What lessons have been learned?

News in Brief

  1. EU postpones decision on labelling gas 'sustainable'
  2. MEPs call for mass surveillance ban in EU public spaces
  3. Greek and Turkish ministers trade jibes in Ankara
  4. Biden repeats opposition to Russia-Germany pipeline
  5. Navalny in danger, letter warns EU foreign ministers
  6. Lithuania keen to use Denmark's AstraZeneca vaccines
  7. Gas plants largest source of power-sector emissions
  8. Study: Higher risk of blood clots from Covid than vaccines

20 years of EUobserver

Our special anniversary magazine gives an overview of the major events of these past 20 years - and, for every event, we talked to one of the key players. It makes this magazine a document of recent EU history.

Stakeholders' Highlights

  1. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  2. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance
  3. Nordic Council of MinistersThe Nordic Region can and should play a leading role in Europe’s digital development
  4. Nordic Council of MinistersNordic Council to host EU webinars on energy, digitalisation and antibiotic resistance
  5. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  6. Nordic Council of MinistersWomen benefit in the digitalised labour market

Latest News

  1. US rejects Slovenia-linked plan to break up Bosnia
  2. Ukraine urges Borrell to visit Russia front line
  3. Could US sanctions hit Russia vaccine sales to EU?
  4. Polish court pushes out critical ombudsman
  5. Political crises in Romania and Bulgaria amid third wave
  6. Von der Leyen's summer plans undisclosed, after Ukraine snub
  7. Over a million EU citizens back farm-animal cage ban
  8. Three options for West on Putin's Ukraine build-up

Join EUobserver

Support quality EU news

Join us