Permission for Scanning Private Communications Restored
The European Parliament was unable to stop tech companies from once again being allowed to voluntarily scan private messages for child sexual abuse material (CSAM). The vote took place on July 9 in Strasbourg, with 314 MEPs supporting the repeal of the Council of the EU's position, 276 opposing it, and 17 abstaining. To block the decision during the second reading, an absolute majority of 361 out of 720 votes was required, but opponents fell short by 47 votes.
The authorization for scanning remains in effect until April 3, 2028, meaning companies like Google, Microsoft, Meta, and Snapchat can continue to check messages on a voluntary basis. However, end-to-end encrypted services such as WhatsApp and Signal are exempt from these rules. A separate attempt to restrict scanning to court-ordered cases only received 322 votes in favor, still short of the necessary 361.
Additional Details and Reactions
This marks the second attempt since March, when the European Parliament initially rejected extending the exception—311 MEPs voted against, 228 in favor, and 92 abstained. On July 2, the Council of the EU adopted the European Commission's original text as its position for the second reading, an initiative pushed by the European People's Party (EPP) group. The vote was conducted under the urgent procedure (Rule 170) just two days before the final decision.
Markéta Gregorová remarked: 'This is no longer just about protecting privacy—it's about protecting our democracy.'
Meanwhile, Patrick Breyer described the situation as a farce. A separate regulation, Chat Control 2.0 (CSAR), which mandates compulsory message scanning, has been under negotiation since 2022.
What does this mean for users? Tech companies will be able to scan messages for CSAM, but only on a voluntary basis. Since end-to-end encrypted services are not covered by these rules, their users remain shielded from such scanning.
What happens next? The scanning authorization will remain in force until April 3, 2028, while discussions on mandatory scanning will continue under separate initiatives.
This reinstatement of permission to scan private communications highlights the ongoing tension between safeguarding user privacy and combating child sexual abuse. Given the long-term validity of the authorization, tech companies may need to adjust their security and privacy strategies. The continued debate over mandatory scanning suggests this issue will remain a key topic in European political discourse. It will be crucial to monitor future initiatives that could shift the balance between security and privacy rights.