27th May 2022


2013: Snowden was 'wake-up call' for GDPR

In the summer of 2013, American whistleblower Edward Snowden leaked highly-classified information from the National Security Agency, revealing that US intelligence services were collecting worldwide user-data from companies like Microsoft, Google, Apple, Yahoo, Facebook and YouTube.

At that time, the then EU commissioner for justice, Viviane Reding, was still trying to find majorities in the European Parliament and the European Council to update the 1995 Data Protection Directive, and replace it with the General Data Protection Regulation (GDPR) - which initially received a lot of criticism from MEPs and member states.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • 'The ethical problem comes when people starts handling their personal data without knowing the consequences of what they are doing,' said former justice commissioner Viviane Reding (Photo:

The contentious negotiations, very much influenced by intense lobbying from the US, radically changed after Snowden's mass-surveillance revelations.

"The Snowden scandal was a wake-up call, people suddenly understood that something very weird was going on and, all of the sudden, this triggered the question of individual digital rights," Reding told EUobserver.

"Citizens became upset against their governments, member states were aware that they could not block anymore [EU-wide] rules for the protection of digital rights, and European parliamentarians realised that their responsibility was to protect EU citizens' rights," she noted.

"I got a huge majority, almost unanimity, in the council and the parliament thanks to the Snowden revelations, so actually this scandal brought about the GDPR," she pointed out.

The GDPR's primary aim was to harmonise legislation within the bloc, and give back control to individuals over their data - but, so far, it has proven insufficient to change the behaviour of tech giants.

Now two years after its implementation, Reding argues that policymakers should concentrate enforcement efforts on "the systematic stealing of personal data for commercial or political purposes", since big tech companies "continue to steal" the data of individuals, without people's awareness.

"It is not enough to have a law, people need to be aware of what is happening," she said, adding that one of the most deeply-rooted problems of the current online ecosystem is related to this lack of consent.

"The consent [forms] are so complicated that nobody understands them. The law says very clearly that it needs to be explicit consent but, unfortunately, as it stands today, it is a 'tick-the-box' consent," she added.

This meaningless style of 'consent' has entitled big tech companies to gather trillions of data points about their users, for the core purpose of profit-making.

"The ethical problem comes when people start handling their personal data without knowing the consequences of what they are doing," warned Reding.

"But the misuse of personal data in order to influence the individual, against its own will and without that individual exactly knowing what is happening, is the real problem," she added.

The 2018 Cambridge Analytica scandal, in which Facebook users' data was collected without their consent for political advertising, once again set alarm bells ringing about the misuse of such mass-surveillance.

Both the Snowden and Cambridge Analytica scandals also undoubtedly raised awareness, helping citizens to understand the concept behind the 'Data is the New Oil' mantra.

But research shows that many European citizens still do not understand how online companies use their data.

That is why former commissioner Reding hopes for yet another wake-up call "that can help citizens at large understand that their data is something very personal and something that needs to be protected".

This article first appeared in EUobserver's latest magazine, 20 years of European journalism & history, which you can now read in full online.
EU's landmark GDPR failing to live up to full potential

The commission's two-year review also indicates that the authorities based in Ireland and Luxembourg - European headquarters to Google, Facebook, Twitter and Amazon - need a substantial boost in resources.

Will US privacy-lite hollow out GDPR?

Some say GDPR is the most developed data protection law in the world, but the US has opted for a very different approach - a "voluntary tool" based on privacy risk management.

EU warns Romania not to abuse GDPR against press

Romania's data protection authority has threatened a €20m fine against reporters investigating high-level corruption. The European Commission has since issued a warning, telling Romanian authorities to give press exemptions when it comes to privacy rights.

New GDPR enforcer says complaints imminent

The European Data Protection Board is a new EU body tasked with enforcing the EU's privacy laws with powers to impose massive fines. Its head Andrea Jelinek told reporters complaints against companies are expected to be immediate.


2018: Juncker: Far-right 'never had a chance' against the EU

The far-right rose in power over the span of 2017 and 2018. But for former EU Commission president Jean-Claude Juncker, they never posed a real threat. "They are not right because their basic societal analysis is wrong," he said.


2020: EU solidarity tested in face of Covid-19 pandemic

When decisive, coordinated action from EU institutions and member states was most needed to respond to the first coronavirus outbreaks, the bloc struggled to find a common and timely response. What lessons have been learned?

20 years of EUobserver

Our special anniversary magazine gives an overview of the major events of these past 20 years - and, for every event, we talked to one of the key players. It makes this magazine a document of recent EU history.

News in Brief

  1. Dutch journalists sue EU over banned Russia TV channels
  2. EU holding €23bn of Russian bank reserves
  3. Russia speeds up passport process in occupied Ukraine
  4. Palestinian civil society denounce Metsola's Israel visit
  5. Johnson refuses to resign after Downing Street parties report
  6. EU border police has over 2,000 agents deployed
  7. Dutch tax authorities to admit to institutional racism
  8. Rutte calls for EU pension and labour reforms

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic delegation visits Nordic Bridges in Canada
  2. Nordic Council of MinistersClear to proceed - green shipping corridors in the Nordic Region
  3. Nordic Council of MinistersNordic ministers agree on international climate commitments
  4. UNESDA - SOFT DRINKS EUROPEEfficient waste collection schemes, closed-loop recycling and access to recycled content are crucial to transition to a circular economy in Europe
  5. UiPathNo digital future for the EU without Intelligent Automation? Online briefing Link

Latest News

  1. EU summit will be 'unwavering' on arms for Ukraine
  2. Orbán's new state of emergency under fire
  3. EU parliament prevaricates on barring Russian lobbyists
  4. Ukraine lawyer enlists EU watchdog against Russian oil
  5. Right of Reply: Hungarian government
  6. When Reagan met Gorbachev — a history lesson for Putin
  7. Orbán oil veto to deface EU summit on Ukraine
  8. France aims for EU minimum-tax deal in June

Join EUobserver

Support quality EU news

Join us