Our relationship with devices and software is intimate and increasingly conversational – it is becoming part of our selves. All of these data can reveal ever more intimate data, some of which we might be unaware of ourselves. That’s why access to data, other than by the user, must be protected.
Put simply, the use of end-to-end encryption must be the default in-transit and in-rest. And metadata generated should be strictly limited. If deviation from the default is to occur, other essential and equivalent safeguards in law are required.