EU Parliament rejects Chat Control message scanning
MEPs vote down proposals to allow US tech companies to continue scanning private messages for illegal content
The European Parliament has voted against proposals that would allow social media and tech companies to continue to scan the content of private messages of EU citizens for illegal content.
A majority of MEPs voted on Thursday 26 March to reject extending a temporary exemption to EU privacy laws that permitted companies such as Meta, Google and LinkedIn to “indiscriminately” scan private messages for child abuse. The decision marks the end of a long-running attempt to introduce Chat Control legislation across Europe.
In its original form, Chat Control would have required technology companies to monitor the content of end-to end encrypted communications, raising objections that it would undermine cyber security and put confidential communications at risk.
US tech barred from scanning private messages
In the vote, 311 MEPs voted against a motion to extend a derogation to the e-Privacy directive, with 228 votes in favour, and 92 abstentions, which means that tech companies can no longer legally conduct mass scanning of private messages.
Law enforcement agencies will be able to continue to conduct surveillance of private messages when they have concrete suspicions and have obtained a judicial warrant, and will be able to conduct routine scanning of public posts and files.
The European Commission first presented a proposal to require all email and messaging providers to conduct mass scanning of all messages and emails sent on their platforms, including end-to-end encrypted messages in 2022. The proposals attracted criticism from technology companies and lawyers.
In 2024, European tech companies warned in an open letter that the proposals would “negatively impact children’s privacy and security” and could have “dramatic unforeseen consequences” for cyber security.
Leaked internal legal advice showed that the Council of Europe’s own lawyers had serious questions about the lawfulness of the planned measures, which they said could lead to the de facto “permanent surveillance of all interpersonal communications”.
PhotoDNA flawed
A scientific study published this month found that the “PhotoDNA” technology used by tech companies for Chat Control was “unreliable”. They found that criminals can fool the software into missing illegal images and that harmless images can be manipulated so that innocent citizens are reported to the police.
According to a European Commission report, just 36% of suspicious activity reports from US tech companies originated from the surveillance of private messages, while social media and cloud storage services are becoming increasingly relevant for investigations.
US tech companies are permitted to carry out mass scanning of private messages under an EU interim regulation which now expires on 3 April. The regulation allows “hash scanning” for known images and videos, automated analysis of previously unknown images and videos and automated analysis of text in private chats.
Lobbying exercise
Patrick Breyer, who has been campaigning against Chat Control, said that tech companies – such as US tech company Thorn – and lobby groups had been trying to “panic” Europe into introducing the measures.
“Flooding our police with false positives and duplicates from mass surveillance doesn’t save a single child from abuse. Today’s definitive failure of Chat Control is a clear stop sign to this surveillance mania,” he said. “Indiscriminate mass scanning of our private messages must finally give way to truly effective and targeted child protection that respects fundamental rights.”
The European Commission, European Parliament and the European Council are continuing negotiations on a permanent regulation, dubbed Chat Control 2.0. The European Parliament has been pressing for targeted measures rather than mass surveillance since 2023.
Read more about Chat Control
- Chat Control encryption plans delayed after EU states fail to agree – Plans to require technology companies across Europe to monitor the contents of encrypted messages and emails have been delayed after European Union member states were unable to reach agreement following German objections.
- EU Chat Control plans pose ‘existential catastrophic risk’ to encryption, says Signal – As EU member states prepare to vote on plans to mandate tech companies to introduce technology to scan messages before they are encrypted, Signal warns that Chat Control will create new security risks.
- Chat Control: EU to decide on requirement for tech firms to scan encrypted messages – Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts.
Read more on IT risk management
-
![]()
Privacy will be under unprecedented attack in 2026
By: Bill Goodwin
-
![]()
Top 10 surveillance, journalism and encryption stories of 2025
By: Bill Goodwin
-
![]()
European governments opt for open source alternatives to Big Tech encrypted communications
By: Bill Goodwin
-
![]()
Inspired by the EU: Sweden eyes open standard for encrypted chat services
By: Bill Goodwin
