A few years ago, Google CEO Eric Schmidt, when asked whether people should be sharing information with Google as if it were a "trusted friend", answered that if we don't want anyone to know what we do, we shouldn't be doing it in the first place. Data and privacy commissioners from several countries, including Australia, Canada and Switzerland, might have remembered this interview when they sent a letter to Google last week questioning the respect for privacy of Google Glass, a device you can wear and use to film and record other people without them being aware of it.

Google is not alone in using technology to snoop. Other private companies do it, as do states. And it has come to light that many technology companies have cosy relationships with state security agencies. Following the disclosure of the US surveillance programme Prism, top US security officials and some European leaders, including UK foreign secretary William Hague, used arguments similar to Schmidt's: if you've nothing to hide, you shouldn't worry.

I disagree. Privacy is a fundamental human right which is essential if we wish to live in dignity and security. It cannot be forfeited so easily. Private companies and states alike must be more cautious in using our data and avoiding any abuse that could arise from indiscriminately mining them. Spying on individuals on a massive scale, without strict legal rules and democratic oversight, can have adverse effects on freedom of speech, association and participation, and can create a nefarious social climate where all individuals are seen as potential suspects.

States, of course, have a duty to ensure security within their borders, and in doing so they can undertake the secret surveillance of individuals who can pose a threat. But those who implement secret surveillance risk undermining or even destroying democracy while pretending to defend it. To stem this risk, states and private companies must develop surveillance and data collection policies that respect human rights.

A crucial step is to limit surveillance through legislation that strictly abides by the case law of the European court of human rights. For the court, gathering and storing information relating to our private life cannot elude human rights concerns.

Respect for values and rights is clearly spelled out in the European convention on human rights, to which all 47 member states of the Council of Europe are bound: respect for private life, liberty and security, and access to an effective remedy to challenge intrusion in our private sphere. Moreover, European states are obliged to protect individuals from unlawful surveillance carried out by any other state and should not actively support, participate or collude in such surveillance.

Surveillance must be in accordance with the law, serve a legitimate aim in a democratic society, and be necessary and proportionate. In other words, States cannot do whatever they want to defend national security, but must operate within strict parameters. As a minimum, three main safeguards should be provided.

First, the law must be precise and clear as to the offences, activities and people subjected to surveillance, and must set out strict limits on its duration, as well as rules on disclosure and destruction of surveillance data. Second, rigorous procedures should be in place to order the examination, use and storage of the data obtained, and those subjected to surveillance should be given a chance to exercise their right to an effective remedy. Third, the bodies supervising the use of surveillance should be independent and appointed by, and accountable to, parliament rather than the executive.

These criteria are crucial. Respecting them will not reduce state security: on the contrary, it will increase trust in public institutions, which is a key feature of security.

European states should change the dominant security narrative which implies that privacy is a luxury that can be waived indiscriminately. Privacy is a fundamental human right we must safeguard while countering the threat of terrorism.