The Chat Control gambit: The EU's 'undemocratic' revival of chat scanning may have long term consequences for digital privacy

Temporary CSAM chat scanning got the green light in Europe, three months after Parliament voted it down. Opponents now warn it could pave the way for lasting legislation that's unfit to protect our privacy.

The Chat Control gambit: The EU's 'undemocratic' revival of chat scanning may have long term consequences for digital privacy

Last week, as European lawmakers packed their bags for the summer recess, a controversial surveillance law was quietly brought back to life. It's the latest plot twist in the struggle to find a balance between digital privacy and children's safety.

Through an unusual procedural loophole, the European Parliament revived what’s been dubbed "Chat Control 1.0." It's a temporary rule that allows tech giants like Meta, Google, and Microsoft to voluntarily scan citizens' unencrypted private messages in search of child sexual abuse material (CSAM).

While the law — which is expected to officially pass once MEPs return from summer recess — excludes end-to-end encrypted apps like Signal and WhatsApp, its resurrection has sent shockwaves through the digital rights community.

Critics have not only slammed the revival procedure as "undemocratic," but also warned that it could mean mass scanning becomes permanent.

Central to the debate is whether Big Tech should use mass scanning (where everybody's data is checked) or targeted scanning (where only people identified as potential suspects are affected).

And while the European Parliament decided to reject mass scanning in March in favor of a "proportional and targeted" approach, last week’s vote represents a major U-turn that brings it back to the table.

But how did a law voted down over three months ago end up on the fast track to be enforced? And what will be the lasting impact on our privacy?

How Chat Control 1.0 was revived

Roberta Metsola, President of European Parliament attends a press conference during the European Council Meeting on June 18, 2026 in Brussels, Belgium.

(Image credit: Photo by Pier Marco Tacca/Getty Images)

Due to the "rarely used" legal procedure adopted last week, an absolute majority was required to reject the proposal.

This meant at least 361 MEPs were required to vote against it — something critics say was difficult to achieve as many of them were already on holiday.

So, despite the majority of MEPs rejecting it (314 against, 276 in favor), the motion was sent to the Council for final approval, which is expected in September.

Initially intended as a stopgap while lawmakers debated the permanent Child Sexual Abuse Regulation (CSAR) bill — aka Chat Control 2.0 — the interim framework was in place from 2021 until it terminated in April of this year.

Since then, child safety groups and some MEPs have argued that the legal vacuum this caused required urgent action — a gap addressed by last week's vote.

However, Google, Meta, Microsoft, and Snapchat issued a joint statement in April pledging to "continue to take voluntary action" to execute CSAM scans — regardless of whether the interim scanning law was enacted.

The privacy backlash

Many critics didn’t like how the Chat Control gambit unfolded, calling Metsola's actions a political stunt. They allege she used a legal loophole strategically to schedule a vote during the final meeting of the legislative season to maximize its chances of passing.

A long-standing critic of the CSAM scanning law, former MEP for the German Pirate Party and digital rights jurist Patrick Breyer didn’t mince words, slamming Metsola's move as a "farce" that "damages democracy."

Robin Wilton, the Internet Society's Senior Director for Internet Trust, also told TechRadar that the "extraordinary bending of parliamentary procedure" required to pass the bill should concern everyone.

In a written statement to TechRadar, Roberta Metsola’s press office said, "it was not the President who brought this up or pushed for it" but that the issue was raised by other political groups during a meeting in June.

The lasting impact of Chat Control 1.0

While the temporary legal framework is expected to be reinstated soon, the more significant battle over CSAM scanning and digital privacy continues in the background.

Lawmakers are still discussing the terms of the permanent CSAR law, with negotiations reportedly stalling over the issue of targeted or mass scanning.

Critics are now concerned that last week's vote could steer the direction of the debates regarding the permanent law. And not in ways that would protect people's digital privacy.

Rand Hammoud, Director of the Security, Surveillance and Human Rights Programme and Regional Encryption Lead at the Center for Democracy and Technology (CDT), fears that passing the temporary law risks legitimizing mass scanning and says that opposition may become "more difficult" to sustain.

Put simply, because the temporary law allows for mass scanning, the permanent legislation may be more likely to include the same provision.

Did you know?

Caucasian security guard watching with abundance of computer monitors - stock photo

(Image credit: Colin Andreson Productions pty ltd/via Getty Images)

Some technology researchers have warned that mass scanning may lead to a surge in false positives. While some groups may view these errors as an inevitable part of any technology that can be fixed, Belgian cryptographer Bart Preneel — the author of multiple research papers on this matter — warns it could take at least two years to develop a better solution.

Digital rights advocates have long argued that mass scanning is a privacy "disaster waiting to happen," calling for more targeted solutions. They believe that even when the scanning is "voluntary" — meaning when tech companies can choose whether to perform the scanning or not — it remains problematic.

For child safety groups, however, voluntary scanning is non-negotiable. According to Hannah Swirsky, the Internet Watch Foundation's (IWF) Head of Policy and Public Affairs, it would be a mistake to limit detection only to individual suspects.

"The scale of the issue with CSAM requires technology to be used widely across platform systems," Swirsky told TechRadar.

Either way, Hammoud from CDT Europe says finding the right balance between privacy and children's safety "demands careful, evidence-based lawmaking" — a standard she argues was lacking in the fast-tracked procedure last week.

What’s next for the privacy of chats?

Despite the temporary law expected to officially pass in autumn, some opponents of Chat Control are still hopeful.

Crucially, the vote showed that most MEPs remain unconvinced about the current legal framework being developed. And while there is deep disagreement on how to do so effectively, it is worth noting that people on all sides want to find solutions that keep children safe online.

As the EU institutions pull down the shutters for the summer, we can only hope that politicians are able to reach a compromise that upholds democratic principles while keeping children safe and defending citizens' digital privacy.

Share

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0