I get it, there are so many problems out there that sometimes is hard to stay focused on a particular one — given the other political and social issues you have — and Europe too.
We, Europeans, are familiar to this kind of issues (although as not critical as the Patriot Act), see Article 13: the majority of people don't know about it — because medias don't talk about it — or they genuinely don't care.
Nonetheless, as far as I understand, this is something which has gone on for years now. Just the idea that my emails, phone calls and other sensible information are collected without my authorization is awful. And the fact that they do it to US citizens is worrying because there is nothing which stops them to do the same to non-US citizens which use US-based services.
It's not only about Article 13 (but yes, it is an important article). We (in EU) have bastards like GCHQ, which are even more aggressive and offensive than NSA.
The good news is they will be (same as the NSA) lost in massive data collection. You can have petabytes of data, but if you do not understand them by context, you're lost at them (as data analytic guy).
The bad news is fast progress of AI and ML. High level AI will change this game forever, and the situation will only get worse.
So my advice will be, folks, use technologies like Tor as much as possible (and I'm not talking about poorly designed Tor Browser (from the security POV)), but setups like this one if you really care about your privacy.
Problem with this is that it becomes an arms race that you will not win - once the communication channels are sufficiently difficult to tap (cf: Signal, Tor maybe..) even for metadata analysis, the spooks head towards the edges where the humans have to interact in plain text with their technology - you are being monitored by your own equipment because that kit is common and readily subverted. Here's the NSA's head of tailored access operations (chief hacker) to provide an idea of who you will be up against :)
If you really have a need for private communication, how about visiting a random pub, or taking a walk in the countryside, maybe a round of golf with that special person? If your communication MUST be remote/electronic, then you have a lot of work ahead to mitigate the risks in design, parts supply chain, assembly, distribution and operation of equipment (cf: Lorenz machines in WW2, Snowden details of modified Ethernet sockets, etc.).
Yeah, I got you and you're right. Tough everything depends on your threat model. For most of us, the common private communication channels will work. If you are targeted, well, that's another story - then you are f****d in most cases.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.