Private rooms are already end-to-end-encrypted (E2EE) by default (at
least if created via Element - didn't test other clients). However the
synapse setting encryption_enabled_by_default_for_room_type: invite led
Element to disallow creating private rooms without E2EE (i.e. the
encryption setting was force-enabled). With the default setting in
Synapse (off) Element will still enable encryption by default, but it
can be disabled at room creation time.