This is why all bulk data collection is a serious security risk.
No matter who is doing the collecting, it is only a matter of time before an unintended third party gets their hands on it.
Government ordered collection & retention of browsing histories may seen harmless to the 'If you've done nothing wrong you've nothing to hide' brigade. (Although by their own logic, their refusal to discuss their own activities & policies suggests they have an awful lot to hide. :iagree:)
But you can bet foreign agencies are trying their hardest to hack these databases. Why? No need to use a traditional honey trap to blackmail a foreign official any more, just print off a copy of their browsing history.