To the extent that the HTTPS Everywhere movement takes off, with significant wind in its sails coming from Google's treatment of https as a ranking signal, the world is slowly but surely moving to a regime where there's a lot less that an ISP (with or without nation-state assistance) can observe.

The only way they'd be able to snoop on your Google queries would be if they forced you to install a proxy certificate (allowing them to MITM your connections to Google). When a previously trusted CA has been discovered to be issuing the equivalent sort of thing, they've generally been quickly removed from all browsers (see, e.g., DigiNotar or WoSign). The HTTPS universe is actually holding up pretty well, all things considered.

So fine then. What's an invasive nation-state have left as a means to compel your ISP to listen in on what you do?

Easy: They can trace all your DNS activity and do traffic analysis on where you visit. (This sort of tracking isn't all that bothersome to my mind. If I feel a need to visit something untoward, which I sometimes do as part of my research, I'll use Tor or other such things.)

Medium: They can instruct your ISP to block VPN traffic and/or they can block traffic to known VPN endpoints. (This sort of thing is standard practice in a number of non-democratic countries.)

Hard: They can hack your router, hack your computer, and/or require specific software with backdoors on those devices. (China tried this, at one point, with its Green Dam thing.)

I haven't studied exactly how the U.K. plans to implement its surveillance society, but I suspect they'd follow some variant of this easy/medium/hard progression.