Economy & Policy

EU parliament lets Meta and Google keep scanning users’ messages, in a win for ‘Chat Control’ backers. What it means – and why it matters

With the European Parliament’s resistance weakening and the powerful European People’s Party group shifting in favour of tougher controls, this surprise win for message-scanning could clear the way for an even more far‑reaching “Chat Control 2.0” that targets encrypted apps next.

  • Petr Koubský
  • July 13, 2026
  • 0 Comments

First published in Deník N.

MEPs have voted on whether Big Tech companies such as Meta, Google and Microsoft should have the right to scan our unencrypted messages and emails for child sexual abuse material (CSAM).

Although a majority of lawmakers opposed it, a legislative trick used by the European Parliament meant that the message-scanning proposal passed.

Tech companies can continue to read the messages we write using their applications until April 2028, even though such practices conflict with European privacy laws. Companies such as Meta, Google, and others have received an exemption from these laws. The justification given is the protection of children from abuse and the fight against child sexual abuse material.

Here’s why it matters.

How did we get to the current Chat Control debate?

Tech companies such as Meta and Google have been scanning private communications for illegal content since the launch of the relevant services. More precisely, these checks have not been limited to illegal content; they have also covered material that violated the rules of the respective services, as defined by their operators. In some countries, these rules could be even stricter than the requirements imposed by law.

The practice of operators scanning private conversations was repeatedly criticised by online privacy advocates. At the same time, many of them accepted that a private operator had the right to set whatever rules it deemed appropriate for its own product. The essential point is that at this stage there was no legal regulation involved.

The operators’ approach ran up against increasingly strict European privacy protection, based on the ePrivacy directive. It has been expanded and amended several times and, since 2016, it has also included the well-known General Data Protection Regulation (GDPR). Reading private conversations by digital companies thus effectively became illegal in the EU.

However, EU institutions continued to tolerate it for certain specific purposes.

The issue of child pornography, politically and emotionally sensitive, has always been among the foremost reasons for occasionally ignoring privacy protection – together with the fight against terrorism and organised crime.

This situation was given a legal framework when, in 2021, EU bodies adopted a temporary exemption from privacy protection (in the form of Regulation 2021/1232) “for the purposes of the prevention, detection, investigation and prosecution of criminal offences linked to child sexual abuse”.

With this exemption, the nickname “chat control”, control of private communication, originally meant as a slur, entered European political debate.

It has and still has a development of its own. To distinguish between its individual stages, the 2021 regulation is called Chat Control 1.0.

The exemption was worded relatively cautiously. It did not order electronic communication operators to do anything. It only gave them the right to voluntarily monitor the content of messages and emails until at least April 2028. The method and scope of this monitoring were left to the discretion of the respective companies.

Tech companies such as Meta, Google and others thus simply continued their previous practice, now with a legal guarantee from the EU and in growing cooperation with Union bodies and individual member states.

The exemption from 2021 – and this is crucial – was approved as a temporary measure. Its validity expired on 26 March 2026, but European institutions are now dealing with this issue intensively to have a permanent solution.

What is the difference between Chat Control 1.0 and 2.0?

Chat Control 1.0 divided European politicians in terms of their views. Few were satisfied with it. One group regarded it as an unacceptable breach of privacy and demanded its repeal, while another assessed the measure as insufficient.

The formulation “one group and the other group” is unavoidable here because there is no clear political dividing line between them. It is not a conflict between left and right, between conservatives and liberals, nor along any of the usual fracture lines.

Politicians favouring a higher degree of control began to prepare more far‑reaching measures – Chat Control 2.0, already back in 2020, that is, before the temporary exemption was adopted. The specific shape of the plan for stronger regulation changed significantly several times.

However, the main differences compared with Chat Control 1.0 are twofold: first, under the new regime, digital companies would not have the right but the obligation to read conversations and search them for harmful content. If they failed to do so, they would face sanctions.

And second, the new version of Chat Control was also meant to apply to communication with end‑to‑end encryption, or E2EE. This is offered by services such as Signal, Threema or Delta Chat; it can also be enabled in Telegram and in both of Meta’s text messengers (WhatsApp and Messenger).

E2EE guarantees that the operator cannot read messages, even if it wanted to, because it does not have the decryption key. For that reason, Chat Control 1.0 does not apply to these communication tools at all.

Breaking end‑to‑end encryption would be a massive interference with online privacy – and effectively its end. E2EE is used for many completely legal and legitimate purposes.

This post was originally published on this site.