Chat Control: EU Parliament said no to Big Tech mass surveillance of your
chats but the battle for privacy isn't done

Date:
Fri, 13 Mar 2026 17:47:45 +0000

Description:
The EU Parliament's stance on untargeted scanning and encryption is clear.
With the trialogue negotiations for the permanent law ongoing, will the
Council and Commission be ready to follow suit?

FULL STORY
Untargeted mass scanning of your private chats. That's what Big Tech has been allowed to do since 2021 on a voluntary basis until now.

What's been dubbed Chat Control 1.0 is the interim law that gives the green light for messaging services and social media providers to scan our communications in the lookout for child sexual abuse material (CSAM). The
law, which was meant to be a temporary measure to fill the legal vacuum until permanent legislation passes, has been in place since 2021. It expires on
April 3, with lawmakers needing to extend it once again. This time, though, they have listened to tech experts and digital rights advocates, and
tightened the rules in favor of user privacy.

On Wednesday, an overwhelming majority of the European
Parliament (458 in favour, 103 against, and 63 abstentions) endorsed the temporary extension until August 2027, but with some significant conditions.

CSAM scanning will now need to be proportional and targeted, and end-to-end encrypted communications, such as WhatsApp, Signal, and Telegram, for
example, are out of scope Long-time Chat Control critic, the former MEP for
the German Pirate Party and digital rights jurist, Patrick Breyer, welcomed
the news as "a sensational victory" and historic vote. "Just as with our physical mail, the warrantless screening of our digital communications must remain taboo," he said.

While this is very much a battle won for the digital rights-conscious
citizens of Europe, its still just an interim measure. With the EU Council, Commission, and Parliament still debating the details of the Child Sexual
Abuse Regulation (CSAR) Bill what critics have labelled Chat Control 2.0
the privacy war rages on. Are these legislative bodies prepared to double
down on their rejection of mass surveillance, or will the pendulum swing back in favor of Big Tech?

Whats wrong with untargeted CSAM scanning -- The problem
with untargeted CSAM scanning lies in its potential for mass surveillance and the inherent technical and legal flaws.

Prior to the Wednesday vote, Chat Control 1.0 officially interim ePrivacy derogation 2025/0429(COD) enabled internet service providers to
automatically check all users' private messages in the lookout for illegal material. Chats were scanned, and suspicious images and videos compared with databases of known CSAM.

This practice, however, is legally problematic the confidentiality of electronic communications is a fundamental principle of the ePrivacy
Directive . Privacy experts have long warned
that mass, untargeted scanning, even when voluntary (i.e. even when the companies are not forced to do it), still harms security and privacy. Whats more, the last five years of open CSAM scanning have uncovered mostly legal shortcomings and false positives, and very little actual prevention of CSAM.

In fact, as digital rights experts at Netzpolitik noted, the latest CSAM scanning evaluation published by the EU Commission in November still "fails
to provide sufficient facts and statistics to judge the proportionality of voluntary chat monitoring."

On February 16, the European Data Protection Supervisor (EDPS) an
independent supervisory authority with responsibility for monitoring the processing of personal data by EU bodies also published its opinion ,
arguing that the Chat Control 1.0 extension must address shortcomings and prevent indiscriminate scanning."

Finally, a coalition of 50+ civil society organizations, cryptographers, computer scientists, and other digital rights experts signed an open letter
to urge lawmakers to vote against the extension, arguing that the interim law would "allow Big Tech companies to continue to scan billions of private messages (chats), emails and social media posts of people across the EU, and report them to a US center in case they suspect abuse material is being shared."

In the end, it seems, it was enough to make legislators think twice, at least for now. How the new rules look like At Wednesdays plenary vote , lawmakers agreed to limit the scope of the scanning.

They have inserted a new clause which states that data processing must be targeted, specified, and limited to individual users or specific groups (such as subscribers to a specific channel).

Additionally, this targeted processing is only permitted when there are reasonable grounds of suspicion of a link to child sexual abuse material, and the targets must be identified by a competent judicial authority.

The new rules explicitly exclude end-to-end encrypted communications and the scanning of audio messages from the scope of the law. What's next for our privact chats (Image credit: Getty Images) After years of campaigning, the EU Parliaments response to the complaints is heartening for digital rights activists, but the recent concessions may not reflect the final decision.

The EU Council, Commission, and Parliament are currently going through the remaining negotiations on the permanent legislation that will replace the interim CSAM scanning law.

The Council may have reached an agreement at the end of last year, but the proposal going to the trialogue is still "a disaster waiting to happen " according to technologists and privacy experts because "voluntary CSAM scanning" is still a main component with few strong provisions to protect encrypted communications.

Yet, since the November vote on Chat Control, there have been some changes to the discussion. Back in December, the EU Commissioner for Home Affairs,
Magnus Brunner, backed the Parliament line on targeted monitoring .

Now, the EU Parliament's strengthened stance on encryption and targeted scanning shows us that some other lawmakers are ready to fight against rules that could inadvertently put Europe into a downward spiral of mass surveillance.

The CSAM bill still includes provisions on age verification that remain problematic for privacy, according to over 400 scientists who are calling for
a halt to these measures until a "scientific consensus" regarding the
technical feasibility and benefits is reached.

With all this mounting pressure on Chat Control, the digital rights lobby
might smell victory, but the matter is far from decided and, how Big Tech
might feel about the outcome, well, thats another story.

Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/chat-control-eu-parliament- said-no-to-big-tech-mass-surveillance-of-your-chats-but-the-battle-for-privacy -isnt-done

$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/107)