If you send messages through Gmail, Instagram Direct, Discord, Snapchat, Skype, or Xbox chat, those platforms are once again legally allowed to scan the content of your private messages — without a warrant, and without any suspicion that you’ve done anything wrong. On 9 July 2026, the European Parliament let a regulation known as Chat Control 1.0 come back into force, reviving this kind of scanning until April 2028, or until a permanent law replaces it.
The intentions behind it are genuine: detecting child sexual abuse material online is a real problem. But the mechanism it revives raises serious questions about what “protecting children” is actually costing everyone else — and according to the EU’s own legal advisors, the cost is bigger than most people realize.
What Chat Control Now Allows
Chat Control 1.0 is a temporary exception to EU privacy rules, first introduced in 2021, that lets providers voluntarily scan unencrypted messages, photos, and files for known abuse material using hash-matching tools. It applies to platforms such as Gmail, Instagram DMs, Discord, Snapchat, Skype, and Xbox messaging — not to end-to-end encrypted services like WhatsApp or Signal, which were never in scope. The rule lapsed in April 2026 after Parliament refused to extend it, then came back through a second-reading vote on 9 July, reviving it until 2028.
Why This Threatens Your Privacy
The EU Council’s own legal service has said that even “voluntary” scanning of this kind amounts to generalised surveillance of communications, incompatible with Article 7 of the EU Charter — the right to respect for private life. That’s not a fringe privacy-advocate opinion; it’s the Council’s own lawyers, as documented in the legislative record.
The accuracy problem compounds the legal one. Germany’s own police data shows that 48 percent of the alerts generated aren’t criminally relevant at all, and roughly 40 percent of the investigations that do follow end up targeting minors themselves — the very group the law is meant to protect. The European Commission’s own implementation report concedes there’s no evidence this kind of mass scanning has led to more convictions or more rescued children.
Survivors themselves have been some of the loudest critics. In reactions to the vote, survivor advocates argued that confidential, private channels were what let them come forward and pursue justice in the first place — and that mass scanning threatens exactly the kind of safe space survivors rely on.
A Vote Most MEPs Opposed
Here’s the part that should trouble you regardless of where you stand on the underlying policy: 314 MEPs voted against reviving Chat Control 1.0, and only 276 voted for it. It passed anyway. Because the vote was a second reading, blocking it required an absolute majority of 361 — not a simple majority of votes cast — so the rejection fell 47 votes short. A separate, narrower amendment that would have limited scanning to suspects identified by a judge got 322 votes and failed for the same procedural reason. Critics across the political spectrum, not just privacy advocates, called the outcome a threat to democratic process in its own right.
What Happens Next
End-to-end encrypted apps remain outside this law’s scope for now — that protection hasn’t changed. The bigger fight is the permanent replacement, sometimes called Chat Control 2.0, which could extend scanning obligations to encrypted services through client-side scanning. Negotiations resume in September, and the procedural mechanics of this month’s vote are worth understanding now, because the same tricks could resurface.
None of this means encryption is dead in Europe. It means the platforms most people use every day just got a renewed legal basis to look inside your messages — and the institutions meant to check that power let it happen by accident, not by design.
Key Takeaways
- Gmail, Instagram DMs, Discord, Snapchat, Skype, and Xbox can again scan your messages without a warrant, until April 2028 or a permanent law replaces it.
- The EU Council’s own legal service says this kind of scanning breaches the right to privacy under Article 7 of the EU Charter.
- German police data shows nearly half of automated alerts aren’t even criminally relevant, and 40% of resulting investigations target minors.
- The measure passed despite 314 MEPs voting against it — a procedural threshold, not a majority mandate.
- End-to-end encrypted apps like WhatsApp and Signal remain untouched for now; the bigger fight over permanent rules resumes in September.
Photo: Jonas Horsch via Pexels

