[Interview] 2013: Snowden was ‘wake-up call’ for GDPR

The contentious negotiations, very much influenced by intense lobbying from the US, radically changed after Snowden’s mass-surveillance revelations.

“The Snowden scandal was a wake-up call, people suddenly understood that something very weird was going on and, all of the sudden, this triggered the question of individual digital rights,” Reding told EUobserver.

“Citizens became upset against their governments, member states were aware that they could not block anymore [EU-wide] rules for the protection of digital rights, and European parliamentarians realised that their responsibility was to protect EU citizens’ rights,” she noted.

“I got a huge majority, almost unanimity, in the council and the parliament thanks to the Snowden revelations, so actually this scandal brought about the GDPR,” she pointed out.

The GDPR’s primary aim was to harmonise legislation within the bloc, and give back control to individuals over their data – but, so far, it has proven insufficient to change the behaviour of tech giants.

Now two years after its implementation, Reding argues that policymakers should concentrate enforcement efforts on “the systematic stealing of personal data for commercial or political purposes”, since big tech companies “continue to steal” the data of individuals, without people’s awareness.

“It is not enough to have a law, people need to be aware of what is happening,” she said, adding that one of the most deeply-rooted problems of the current online ecosystem is related to this lack of consent.

“The consent [forms] are so complicated that nobody understands them. The law says very clearly that it needs to be explicit consent but, unfortunately, as it stands today, it is a ‘tick-the-box’ consent,” she added.

This meaningless style of ‘consent’ has entitled big tech companies to gather trillions of data points about their users, for the core purpose of profit-making.

“The ethical problem comes when people start handling their personal data without knowing the consequences of what they are doing,” warned Reding.

“But the misuse of personal data in order to influence the individual, against its own will and without that individual exactly knowing what is happening, is the real problem,” she added.

The 2018 Cambridge Analytica scandal, in which Facebook users’ data was collected without their consent for political advertising, once again set alarm bells ringing about the misuse of such mass-surveillance.

Both the Snowden and Cambridge Analytica scandals also undoubtedly raised awareness, helping citizens to understand the concept behind the ‘Data is the New Oil’ mantra.

But research shows that many European citizens still do not understand how online companies use their data.

That is why former commissioner Reding hopes for yet another wake-up call “that can help citizens at large understand that their data is something very personal and something that needs to be protected”.