EU governments have agreed a long-awaited position on the so-called Child Sexual Abuse Regulation, prompting fierce warnings that Brussels is preparing the groundwork for mass surveillance of its own citizens.
After seemingly getting rid of the ‘Chat Control’ initiative earlier this year—a regulation that sought to force digital platforms to scan all private messages for child sexual abuse material—the plan has been revitalised and brought in through the back door.
Member states on Wednesday, November 26th, endorsed a Danish-brokered compromise that removes mandatory detection orders for encrypted messaging services but still places extensive obligations on tech companies to police online content.
The draft law forces online platforms to assess how their services might be misused for child sexual abuse material or grooming, and to implement “mitigating measures” approved by national regulators.
The regulation leaves in place the possibility of so-called “voluntary scanning” of users’ communications, a measure that has alarmed privacy campaigners. They argue that there is still a powerful incentive for regulators to pressure platforms into scanning encrypted messages under the guise of risk mitigation.
Former German MEP Patrick Breyer warned that “anonymity-breaking age checks & ‘voluntary’ mass scanning are still planned.”
Czech MEP Markéta Gregorová said the Council’s approval was “a disappointment… Chat Control… opens the way to blanket scanning of our messages.”
National backlash has intensified, most dramatically in the Netherlands, where MPs forced the government to vote against the proposal after Justice Minister Foort van Oosten attempted to abstain.
Lawmakers warned of “mandatory age verification” and a regime of “voluntary obligation” in which platforms face penalties if they refuse to implement intrusive scanning technologies. Dutch parties from left to right condemned what they described as a deeply flawed plan pushed through “without national parliaments being given the time to respond.”
Former Dutch MEP Rob Roos accused Brussels of acting “behind closed doors,” warning that “Europe risks sliding into digital authoritarianism.”
As we explained in our earlier analysis, opponents argue that the regulation will not stop determined criminals, who can easily evade detection through VPNs. Instead, they fear ordinary citizens with little or no technical knowledge who use the most common apps and trust the system to protect them will become the targets.
According to MCC Brussels:
This is mass surveillance on an enormous scale. … The coming fight will decide whether Europe protects the privacy of its citizens or builds an unprecedented infrastructure of digital control. This is not just about child protection. It’s about whether the EU gets permanent access to the most intimate corners of your life.
