She got that nickname for her push to mandate provider-level blocking of requests to foreign servers distributing CSAM while working as the German minister for family affairs, which critics argued would create a slippery slope by establishing a practice of forcing ISPs to implement network request blocking (IP bans). This push materialised in the Zugangserschwerungsgesetz, which while being passed in 2010 was never actually applied and eventually repealed. Around the same time the German minister for the interior argued for police powers to use trojans (computer viruses) for investigations, which likewise passed and seemingly has been used with very mixed success - it's worth noting that the use of this practice by US federal law enforcement was already well-documented at the time.
The USA PATRIOT Act on the other existed and had been used extensively (as far as we know) before expiring in 2020. But even without the USA PATRIOT Act, the US is well-documented in using warrantless surveillance: https://proton.me/blog/us-warrantless-surveillance
The existence of nicknames is a weird metric to judge a jurisdiction's attitude to privacy by when you have actual evidence of behavior you can compare directly.
EU governments trying to push for special powers for law enforcement to sabotage encryption and failing (remember: the UK is not in the EU anymore) is very different from what US federal agencies and law enforcement are not only permitted to do but also are doing and have been doing for decades. It's probably not necessary to point out the limits corporations face under EU privacy laws compared to the US.
