Skip to content

Franz Franz

goFranz // personal journal EST 2012 · 14Y SHIPPING all writing
Opinion · privacy

Chat Control 1.0 Is Back: What It Means for You

The EU Parliament just reactivated Chat Control 1.0. Here's the short version of what passed, what it does, and what it actually means for 450 million EU citizens.

Today, on the last day before summer break, the EU Parliament brought Chat Control 1.0 back from the dead. I want to keep this short, because the details are exhausting and the gist is what matters. So, bullet points.

What actually passed

  • Chat Control 1.0 is the rule that lets US tech companies (Meta, Google, Microsoft) automatically scan your private messages, emails, and chats for child sexual abuse material (CSAM). No warrant, no suspicion, everyone by default.
  • It had already expired in April, after Parliament narrowly rejected an extension in March.
  • It came back through a procedural trick: a snap “urgent procedure” vote on Tuesday (331 to 304) skipped the normal committee review and forced a floor vote today.
  • More MEPs actually voted against it than for it (314 against, 276 in favor, 17 abstentions), but blocking it needed an absolute majority of 361, and opponents couldn’t reach that. So it passes by default. A separate amendment to limit scanning to judicially identified suspects also fell short, 322 to 255.
  • It’s now extended for roughly two years, until 2028 or until the permanent version lands.

What it means for you

  • If you use Instagram, Discord, Snapchat, Gmail, or iCloud, your unencrypted private messages can be scanned again, without any individual suspicion.
  • End-to-end encrypted apps (WhatsApp, Signal) are not affected by this one. Yet. That’s the fight over “Chat Control 2.0”, the permanent, mandatory version, and negotiations on it resume in September.
  • This covers around 450 million people. You don’t get to opt out. You are scanned because you exist.

Why I think it’s a bad deal

The thing is, it doesn’t even work. From the EU Commission’s own evaluation:

  • Only 0.00000077% of scanned messages in the EU actually contained illegal content.
  • False-positive rates ran as high as 20%. That’s a lot of innocent people’s private photos flagged and reviewed.
  • Around 99% of Meta’s reports involve already-known material, so police get buried in noise instead of catching new abuse.

Patrick Breyer put it well: trying to protect children with suspicionless mass surveillance is like frantically mopping the floor while the faucet is still running. Targeted investigations and court-ordered wiretaps catch offenders. Scanning everyone’s chats mostly catches everyone.

Either way, this isn’t over. 1.0 buys the surveillance camp two years; 2.0 is where they try to make it mandatory and reach into encrypted messaging too. If you’re in the EU and you care about this, September is when to pay attention.