“What do you do when the most powerful institutions in society have become the least accountable to society?”

That was the question Edward Snowden, the former National Security Agency contractor who blew the whistle on numerous global surveillance programs, put to an audience of thousands at the Web Summit technology conference in Lisbon, Portugal on Monday.

“That’s the question our generation exists to answer,” he added.

Snowden, speaking via video link, said the thing that “chilled” him the most in his discovery of the spying operations was that “intelligence collection and surveillance more broadly was happening in an entirely different way,” and was “no longer the targeted surveillance of the past.”

In 2013, Snowden’s name hit the headlines after the whistleblower leaked classified documents with journalists that detailed surveillance programs run by the NSA that tapped people’s cell phone and internet communications.

Washington subsequently charged Snowden with espionage and theft of government property, while his passport was also revoked. He was then granted asylum in Russia, and has lived there ever since.

Snowden recently released a memoir, “Permanent Record,” detailing the events that led up to his leaking of classified documents with journalists. The U.S has sued him over the book, alleging he violated non-disclosure agreements he signed with the NSA and CIA.

“They don’t like books like this being written,” Snowden said Monday, in response to pressure from U.S. authorities on his autobiography.

“We have legalized the abuse of the person through the personal,” he said, adding that the widespread collection of data by governments and corporations entrenches “a system that makes the population vulnerable for the benefit of the privileged.”

EU privacy overhaul ‘misplaces the problem’

Snowden also directed some criticism at data privacy authorities that have tried to step up regulation on companies over how they handle user data. He said the EU’s General Data Protection Regulation, which is aimed at giving people control of the information collected on them by businesses, “misplaces the problem.”

“The problem isn’t data protection, the problem is data collection,” Snowden said. “Regulation and protection of data presumes that the collection of data in the first place was proper, that it is appropriate, that it doesn’t represent a threat or a danger.”

GDPR, which was introduced last year, threatens to impose fines of up to 4% of a company’s global annual revenues or 20 million euros ($22.3 million) - whichever is the higher amount.

“Today those fines don’t exist,” Snowden argued, “and until we see those fines every single year to the internet giants until they reform their behavior and begin complying not just with the letter but the spirit of the law, it is a paper tiger.”