End of "Chat Control": EU parliament stops mass surveillance

Original Article ↗ Hacker News Discussion ↗

Outcome and what changes now

  • Parliament rejected extending “Chat Control 1.0”, a temporary derogation to the ePrivacy Directive that had legalized voluntary scanning of private messages for CSAM by big providers since 2021.
  • When it expires in early April 2026, services like Gmail, LinkedIn, and Microsoft must stop such scanning in the EU, absent suspicion-based legal grounds.
  • Some clarify that the measure never mandated scanning; it merely made existing voluntary practices legal.

Temporary win vs. persistent pressure

  • Many frame this as “end of chat control for now”, expecting rebranding and reintroduction (“Chat Control 2.0/3.0”, salami tactics, new names like “child safety”).
  • Others argue that repeated failure is itself a victory: it drains proponents’ resources and preserves the status quo.
  • There is concern that once any such law passes, it is hard to repeal and may only be struck down years later by courts, after damage is done.

Privacy, surveillance, and child protection

  • Strong privacy advocates see mass scanning and age verification as steps toward total surveillance, harmful to anonymous speech, whistleblowers, and vulnerable groups.
  • Several argue the true drivers are state surveillance and commercial interests (e.g., KYC and surveillance-tech vendors), not child safety.
  • Others note that a nontrivial share of CSAM reports comes from scanning, and warn against dismissive statistics.
  • There is discussion of more privacy-preserving age checks (e.g., ID apps returning only an age-OK boolean), but skepticism that real deployments would stay minimal.

EU democracy, institutions, and checks

  • One camp sees this as an example of EU democracy working: Parliament blocked a Council/Commission-driven measure; checks and balances functioned.
  • Another camp argues the EU is structurally flawed: Commission unelected, Parliament cannot initiate legislation, Council members hard for citizens to hold accountable.
  • Debate over whether systems should allow repeated attempts at the same law; some call for “no and don’t ask again” mechanisms, others say that would be anti-democratic and freeze lawmaking.
  • Constitutional courts and the European Convention on Human Rights are cited as higher-level privacy protections, but seen as slow and often ineffective in practice.

Party and country dynamics

  • Commenters note that the conservative EPP originally pushed strong chat control but ultimately voted against the final watered‑down extension; social democrats largely voted for it; Greens were firmly against.
  • Voting patterns differ sharply by member state; e.g., many German MEPs opposed extension, while France, Hungary, Poland, and Ireland had more support.
  • MEPs are often out of step with their national governments, which continue to push similar measures in the Council.

Future fronts: Chat Control 2.0 and age verification

  • Parallel negotiations continue on a permanent child protection regulation (“Chat Control 2.0”) and on mandatory age verification for messaging, chat, and app stores.
  • Age verification is seen as a major upcoming threat to anonymous communication; some expect broad public acquiescence, others foresee pushback from privacy‑conscious minorities.
  • Several call for going on offense: embedding strong privacy into constitutional or treaty-level law, banning certain kinds of data collection outright, and normalizing user-controlled devices and end‑to‑end encryption.