[schoen]

I think I've asked this in many prior threads, but maybe I'll repeat it here.

Europeans often explain that they see the need for strong privacy laws because of their experience with totalitarianism (Nazi and Communist regimes). But most of those laws regulate private-sector databases and private-sector data collection, not law enforcement or intelligence; and many of them actually contain explicit exemptions for governments.

Clearly, governments have made lots of use of private-sector databases, so it's not as though they're not a risk if you're concerned about totalitarianism. But wouldn't it make sense to focus more on the state than on the private sector?

I know Europeans (especially in the 2000s) have been quicker than people elsewhere to endorse the idea that all state activities (including those of security agencies) need a legal basis and should comply with necessity and proportionality. So that's cool. But I still don't see how the intuition works like "the SD / Stasi / KGB were spying on everyone and that was awful, so we obviously see it's important to restrict ... private-sector databases! but not (as much¹) state access to financial, travel, location, and communications data".

¹ clearly there are some regulations, and they get fought over in constitutional and European courts, but there's also a ton of "we have to make sure the state can monitor people" initiatives all over Europe!