22nd Apr 2021


2013: Snowden was 'wake-up call' for GDPR

In the summer of 2013, American whistleblower Edward Snowden leaked highly-classified information from the National Security Agency, revealing that US intelligence services were collecting worldwide user-data from companies like Microsoft, Google, Apple, Yahoo, Facebook and YouTube.

At that time, the then EU commissioner for justice, Viviane Reding, was still trying to find majorities in the European Parliament and the European Council to update the 1995 Data Protection Directive, and replace it with the General Data Protection Regulation (GDPR) - which initially received a lot of criticism from MEPs and member states.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • 'The ethical problem comes when people starts handling their personal data without knowing the consequences of what they are doing,' said former justice commissioner Viviane Reding (Photo:

The contentious negotiations, very much influenced by intense lobbying from the US, radically changed after Snowden's mass-surveillance revelations.

"The Snowden scandal was a wake-up call, people suddenly understood that something very weird was going on and, all of the sudden, this triggered the question of individual digital rights," Reding told EUobserver.

"Citizens became upset against their governments, member states were aware that they could not block anymore [EU-wide] rules for the protection of digital rights, and European parliamentarians realised that their responsibility was to protect EU citizens' rights," she noted.

"I got a huge majority, almost unanimity, in the council and the parliament thanks to the Snowden revelations, so actually this scandal brought about the GDPR," she pointed out.

The GDPR's primary aim was to harmonise legislation within the bloc, and give back control to individuals over their data - but, so far, it has proven insufficient to change the behaviour of tech giants.

Now two years after its implementation, Reding argues that policymakers should concentrate enforcement efforts on "the systematic stealing of personal data for commercial or political purposes", since big tech companies "continue to steal" the data of individuals, without people's awareness.

"It is not enough to have a law, people need to be aware of what is happening," she said, adding that one of the most deeply-rooted problems of the current online ecosystem is related to this lack of consent.

"The consent [forms] are so complicated that nobody understands them. The law says very clearly that it needs to be explicit consent but, unfortunately, as it stands today, it is a 'tick-the-box' consent," she added.

This meaningless style of 'consent' has entitled big tech companies to gather trillions of data points about their users, for the core purpose of profit-making.

"The ethical problem comes when people start handling their personal data without knowing the consequences of what they are doing," warned Reding.

"But the misuse of personal data in order to influence the individual, against its own will and without that individual exactly knowing what is happening, is the real problem," she added.

The 2018 Cambridge Analytica scandal, in which Facebook users' data was collected without their consent for political advertising, once again set alarm bells ringing about the misuse of such mass-surveillance.

Both the Snowden and Cambridge Analytica scandals also undoubtedly raised awareness, helping citizens to understand the concept behind the 'Data is the New Oil' mantra.

But research shows that many European citizens still do not understand how online companies use their data.

That is why former commissioner Reding hopes for yet another wake-up call "that can help citizens at large understand that their data is something very personal and something that needs to be protected".

This article first appeared in EUobserver's latest magazine, 20 years of European journalism & history, which you can now read in full online.
EU's landmark GDPR failing to live up to full potential

The commission's two-year review also indicates that the authorities based in Ireland and Luxembourg - European headquarters to Google, Facebook, Twitter and Amazon - need a substantial boost in resources.

Will US privacy-lite hollow out GDPR?

Some say GDPR is the most developed data protection law in the world, but the US has opted for a very different approach - a "voluntary tool" based on privacy risk management.

EU warns Romania not to abuse GDPR against press

Romania's data protection authority has threatened a €20m fine against reporters investigating high-level corruption. The European Commission has since issued a warning, telling Romanian authorities to give press exemptions when it comes to privacy rights.

New GDPR enforcer says complaints imminent

The European Data Protection Board is a new EU body tasked with enforcing the EU's privacy laws with powers to impose massive fines. Its head Andrea Jelinek told reporters complaints against companies are expected to be immediate.


2018: Juncker: Far-right 'never had a chance' against the EU

The far-right rose in power over the span of 2017 and 2018. But for former EU Commission president Jean-Claude Juncker, they never posed a real threat. "They are not right because their basic societal analysis is wrong," he said.


2020: EU solidarity tested in face of Covid-19 pandemic

When decisive, coordinated action from EU institutions and member states was most needed to respond to the first coronavirus outbreaks, the bloc struggled to find a common and timely response. What lessons have been learned?

News in Brief

  1. Golden backdoor to EU exposed in Malta
  2. India hits 1m infections in four days
  3. Report: Biden to call out Turkey on 1915 Armenia 'genocide'
  4. Putin threatens West with Cold-War geometry
  5. Coronavirus: Japan to declare state of emergency in Tokyo
  6. Navalny must now be treated abroad, UN experts say
  7. World body stigmatises Syria for gassing own people
  8. Hungary to tweak NGO and university law after EU rulings

20 years of EUobserver

Our special anniversary magazine gives an overview of the major events of these past 20 years - and, for every event, we talked to one of the key players. It makes this magazine a document of recent EU history.

Stakeholders' Highlights

  1. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  2. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance
  3. Nordic Council of MinistersThe Nordic Region can and should play a leading role in Europe’s digital development
  4. Nordic Council of MinistersNordic Council to host EU webinars on energy, digitalisation and antibiotic resistance
  5. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  6. Nordic Council of MinistersWomen benefit in the digitalised labour market

Latest News

  1. Chemical-weapons vote reveals 'friends of Syria' axis
  2. Russia should pay 'costs' for Czech attack, US says
  3. Merkel 'open' to EU treaty change on health
  4. EU seeks global AI leadership with new rules
  5. EU defers decision on gas and nuclear as 'green' energy
  6. After China ban, Romania hit by illegal waste imports
  7. Hungary: Why we oppose carbon price, but back gas
  8. EU negotiators strike deal on climate 'law of laws'

Join EUobserver

Support quality EU news

Join us