Private messages could be scanned in Europe as EU vote reignites surveillance fears

Person using whatsapp on their phone

Europe’s private message scanning row is back. Credit: Buketaltindal / Shutterstock

A European Parliament vote has revived a fierce privacy row over whether tech platforms can scan private messages for child sexual abuse material. WhatsApp, Signal and Telegram are excluded under the amended text, but users of non-encrypted services such as Gmail, Instagram DMs, Discord and Snapchat could be affected.

Private inboxes are back in Europe’s privacy row

Private messages, family photos, direct chats and email accounts are once again at the centre of a major European privacy row after the European Parliament backed changes to a temporary law allowing online platforms to voluntarily detect and report child sexual abuse material.

The measure is part of what critics call “Chat Control”, although the formal legal issue is a derogation from the European Union’s ePrivacy rules. It is an exemption that allows some communication service providers to scan certain private communications for child sexual abuse content without breaching strict privacy rules.

The Council of the European Union, which represents national governments, says the measure is needed so online providers can resume voluntary detection and reporting while a permanent child protection law remains under negotiation. 

Child protection organisations have long warned about the scale of online abuse. The Internet Watch Foundation said it assessed 451,210 reports in 2025, with 311,610 confirmed to contain or lead to child sexual abuse material.

How WhatsApp, Signal and Telegram can stay outside of this version

The European Parliament amended the text to exclude communications protected by end-to-end encryption. In practice, that separates apps such as WhatsApp and Signal from other private messaging services, because only the sender and recipient are meant to be able to read the content. Reuters reported that WhatsApp, Telegram and Signal are excluded from the temporary rules under the Parliament-backed changes.

The European Parliament said MEPs want to exclude “communications to which end-to-end encryption is, has been or will be applied” from the scope of the law.

This means your day-to-day family WhatsApp group, private Signal chat or Telegram conversation isn’t the main target here. The bigger issue is likely to be non-end-to-end encrypted services.

Why Gmail, Instagram DMs and Discord could face different rules

The revived system could matter more for private messages and email services that are not protected in the same way as WhatsApp or Signal. 

Spanish reports have listed Instagram direct messages, Gmail, Discord, Snapchat, Skype, Xbox and iCloud as examples of services where private communications could be affected if providers choose to use voluntary detection tools.

That doesn’t mean that every message on those services will be read or analysed by a person. The debate is more about automated detection technology used to identify suspected child sexual abuse material and report it.

Privacy campaigners argue that scanning private communications without suspicion or a court order still amounts to mass surveillance. Supporters argue that voluntary detection helps identify victims, remove illegal material and alert law enforcement.

The vote moved forward despite more MEPs opposing it

The most confusing part of the vote is that more MEPs present voted to reject the Council position than to support it. According to the European Parliament, 314 MEPs voted in favour of rejecting the position, 276 voted against rejection and 17 abstained. However, because this was a second-reading procedure, rejection required an absolute majority of all MEPs, not just a simple majority of those voting. Because that threshold was not met, the Parliament’s amended position moves forward. 

How child protection pressure is driving the law

Supporters of the measure argue that the temporary system is necessary because the previous interim law expired on April 3, 2026. The Council said the reinstated derogation would allow online service providers to detect, report and remove child sexual abuse material while broader legislation is still being negotiated. Irish Justice Minister Jim O’Callaghan, quoted by the Council, said the measure was crucial to identify children at risk, bring offenders to justice and prevent further abuse.

The problem facing lawmakers is pressing. The National Center for Missing and Exploited Children said its CyberTipline received 21.3 million reports in 2025 involving more than 61.8 million images, videos and other files related to suspected child sexual exploitation.

But critics argue that the seriousness of the crime does not automatically justify blanket scanning of private communications, especially when less intrusive tools, user reports and targeted police action remain available. 

EU governments now have three months to decide

The current vote concerns a temporary derogation, not the wider permanent Child Sexual Abuse Regulation that has been stuck in negotiations since the European Commission first proposed it in 2022.

The Parliament’s amended text now goes back to the Council of the European Union. EU governments have three months to approve or reject Parliament’s amendments. If they do not accept all the changes, Parliament and Council will move to a conciliation process to agree on a final version.

Anyone relying on private email, social media DM’s or gaming chats for sensitive conversations should watch the next Council step, because that is where the final shape of the temporary rule will become clearer.

Google News

Follow Euro Weekly News on Google News

Get breaking news from Spain, travel updates, and expat stories directly on your Google News feed.

Follow on Google News
Written by

Harry Dennis

Born in the UK and raised on the Cádiz coast, Harry brings his background in design, music, and photography to his writing for Euro Weekly News, sharing stories that celebrate culture and lifestyle across Spain and beyond.

Comments


    Leave a comment

    Your email address will not be published. Required fields are marked *