The dispute over digital letter secrecy in the EU is reaching a new level of escalation shortly before the summer break. After negotiations on Chat Control 2.0 – i.e., the mandatory, suspicionless scanning of encrypted communication – stalled due to persistent resistance in the EU Parliament, the Council of Ministers is now pushing forward with a legal maneuver.
The member states want to reactivate the transitional regulation for voluntary monitoring of messages by technology groups, which expired on April 3, in an expedited procedure. The Council adopted a corresponding position for a “new” regulation on Thursday via written procedure to close a looming legal loophole and increase pressure on MEPs.
The reason for the trick: Since the end of 2020, internet-based, number-independent communication services such as messenger apps, webmail, and VoIP telephony have been subject to the strict provisions of the European E-Privacy Directive. This protects the fundamental right to confidentiality of communication and prohibits unauthorized interception or evaluation of content and traffic data. To still allow technology providers to voluntarily search private chats using AI and hash matching for known abuse material or grooming patterns, the EU lawmakers created a temporary exemption in 2021. This regulation, referred to as Chat Control 1.0, expired in the spring, as the Council and Parliament could not agree on an extension.
Child Protection and Letter Secrecy
For the Council, the expiry of the deadline is an untenable situation. The providers' voluntary detection measures are an indispensable tool for identifying affected children early, rescuing victims from abuse situations, and curbing the uncontrolled further dissemination of illegal image and video material online. Furthermore, the procedure makes an important contribution to online law enforcement, even though reports continue to flow despite the expired norm. The new regulation aims to prevent fragmentation through national unilateral actions.
Critics, however, see the chosen procedure as an attempt to circumvent democratic control bodies and to surprise Parliament. Since an already expired regulation cannot simply be extended in formal terms, the EU governments are resorting to a trick: Instead of an extension, they have put forward a legislative proposal that is largely identical in content but different in form.
Tactical Timing Before the Summer Break
The draft is to be put on Parliament's agenda as early as Tuesday as part of an urgent procedure – immediately before the start of the summer break. Should the plenary session approve the accelerated procedure, a vote threatens on the last day of session before the holidays, when many MEPs have historically already departed. Compounding the issue, the procedure is already in its 2nd reading. At this stage, the Council's position can only be stopped or modified by amendments if an absolute majority of the representatives vote against it. A hurdle that, in practice, is considered almost insurmountable shortly before the summer break.
Although the Council emphasizes that the scans will be limited to the absolutely necessary extent and that no general, indiscriminate surveillance will take place, the intrusion into the privacy of all users remains significant. The regulation stipulates that the processed content and traffic data must be irrevocably deleted no later than twelve months after detection, unless a concrete suspicion is confirmed. A permanent, long-term legal framework for abuse prevention, meanwhile, moves further into the distance.
Read also
(kbe)