Edward Snowden - 10 years on: Was it enough or do we need to do more?

What is the impact of Edward Snowden's revelations a decade ago and what is the current state of privacy? The Snowden leaks exposed programmes such as PRISM, Tempora and XKeyscore, leading to a significant change in society's perception of privacy. This has led to laws like the RGPD in Europe and the USA Freedom Act, aimed at protecting our privacy. However, privacy is still not sufficiently protected.

Prior to 2013, data protection awareness was not widespread. Internet users often did not understand the extent of their online data footprint and how it could be used by third parties. The Snowden revelations in 2013 changed that, sparking a global debate about the balance between security and privacy in the digital world.

Here are the changes that have occurred since Snowden's revelations:

1. Increased privacy awareness: Users are now more aware that their online activities can be monitored and their data collected, which has led to a demand for secure and privacy-friendly services.

2. Legislation: Regulatory measures have been introduced to better protect citizens' privacy. These include the RGPD in Europe and the USA Freedom Act.

3. Encryption: The use of encryption technologies has increased dramatically, with many messaging services now offering end-to-end encryption by default.

4. Privacy-friendly services: Many companies have introduced more privacy-friendly services in response to user demand.

5. Activism: There has been a rise in privacy activism, with more and more organisations and individuals advocating data protection and privacy.

Despite these changes, privacy is still not guaranteed by law. The advent of applications, digital services and the IoT has led to an increase in the number of digital traces that can be exploited. AI makes it easier to exploit these traces, and some entities don't even care about legality.

Dark forces" want to destroy the achievements listed above:

1. Legislation: Since July 2020, the "Privacy Shield", the agreement that authorised the transfer of data from European citizens to the United States, has been annulled by the CJEU - in particular because of Section 702 and its lack of safeguards for Europeans. New negotiations are under way, but this specific aspect is not even mentioned, even though a new version is expected before the old one expires on 31 December this year. Max Schrems, the famous Austrian jurist behind the 'Schrems 1' and 'Schrems 2' rulings, which brought down the US-EU data transfer agreements, believes that this pattern is likely to be repeated for a long time to come, prompting him to say that at this rate, "we'll have a Schrems 6, which will last until I retire". One wonders what kind of game the European Union is playing, whether it is an independent lawyer who is denouncing the legal spying on European citizens by the USA, and what forces are really at work on this issue.

2. Another example: Ireland has proposed an amendment (section 26A) to classify as confidential certain information arising from complaints relating to the RGPD. This means that details of breaches committed by technology giants could no longer be made public. The proposal, included in the Jurisdiction and Civil Law Bill 2022, is being criticised by civil rights campaigners, who are calling on Irish politicians to reject it. Yet this amendment, which prevents citizens from knowing what has actually been breached with regard to their data, has been voted through by the Irish government. Ireland has long been regarded as Europe's weak link when it comes to privacy. This example shows that the law is sometimes too effective for big business, and that they are doing everything they can to weaken it. And this despite the already existing flaw in the Privacy Shield...

3. Encryption: To combat child pornography, the European Commission wants to review the end-to-end encryption of applications. A strategy that is not only ineffective in the fight against cybercriminals, but also dangerous for the protection of privacy, as Timothée Rebours of Seald explains. Removing encryption would put everyone at risk, and putting in a backdoor would run the risk of cyber criminals getting hold of it, making encryption obsolete for everyone but them...

An estimate of the value of your personal data can be made by looking at Google's figures: on average, a Google user earns $26 a year, but this figure conceals a huge disparity: a user in the US should earn around $220 a year, $120 in Europe and much less in the rest of the world. If we multiply these sums by the companies that use our data, we can clearly see that the services provided in exchange are worth much less. So it's vital to inform yourself about how your data is used, to use tools to protect it and to support privacy activists. Privacy is a societal issue that requires collective action.