EU ministers urged to defend citizens' right to data privacy

VPN, email and messaging app providers are some of those joining the pledge

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Data Privacy Week kicked off in the EU with a pledge from the industry to defend encryption in 2024.

Some of the companies using this technology to develop security software, includingVPN services, and secure email and messaging apps, are now calling EU ministers to defend their citizens' privacy and withdraw a worrying proposed regulation.

Deemed by critics as Chat Control, theEU Child Sexual Abuse Material (CSAM) Scanning Proposalcould allow authorities to scan people’s private and encrypted chats for dangerous content as a way to halt child sexual abuse (CSA) online. Yet, experts argue that going down this route rather endangers users (children included) instead.

Encryption at risk

“We all agree that ensuring children are safe online is one of the most important duties of tech companies and for this reason, we find the European Commission’s proposed Regulation extremely worrying. If it were implemented as proposed, it would negatively impact children’s privacy and security online, while also having dramatic unforeseen consequences on the EU cybersecurity landscape, creating an ineffective administrative burden,” wrote the experts in anopen letter.

The group, composed of trade associations, and small and medium-sized tech companies, especially pointed out the risk of having a “backdoor” to allow authorities to scan messages in end-to-end encrypted environments.

So-calledclient-side scanningmay help fight online crime, but, they argue, “it would also quickly be used by criminals themselves, putting citizens and businesses more at risk  online by creating vulnerabilities for all users alike.”

Among the signatories (22 in total) are popularVPNproviderSurfshark, Swiss-based security software firm Proton, secure email service Tuta (formerly known asTutanota), and encrypted messaging app developerElement.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Today, we call on all Interior, Justice & Economy ministers of EU countries, to choose the right side: #privacy or #surveillance.Together with other privacy-first companies we call on our ministers to defend encryption & protect privacy. 🔒Read the full text here:… pic.twitter.com/rGYGm6NS9yJanuary 22, 2024

The recentattack on encryptionand the concept of client-side scanning began filling the news last year as tech companies raised the alarm on similar proposed legislation in the UK. While theOnline Safety Act is now law, the messaging scanning requirement has been postponed until “it’stechnically feasible to do so” without breaking encryption—a solution that delays the issue rather than solving it.

In October the EU Parliament reached ahistorical agreement, though, asking for the removal of the Chat Control clause in order to safeguard online security and encryption. Now, it’s the time for each EU Member State to agree on their own position.

“We call on our ministers, specifically on Nancy Faeser (SPD, Germany), to choose the right side in this discussion: uphold strong encryption and protect the human right to privacy of millions of EU citizens and businesses,” said Matthias Pfau, founder of Germansecure emailprovider Tuta Mail.

According to Pfau, Europe cannot pride itself on the progress made withGDPRlegislation while simultaneously promoting client-side scanning. “Such a move would destroy any credibility the EU currently holds in matters of privacy and cybersecurity,” he said.

One of the mostsecure VPNproviders out there,Mullvad VPNgot vocal last year to raise awareness of the risks of the EU Chat Control law. It sends hundreds of emails to both journalists and politicians, while even putting giant banners across airports and the streets of some European cities. “Mullvad is usually a very silent company. This is probably the first time we really got mad enough to speak out,” Jan Jonsson, CEO at Mullvad, told me when the company began its campaign in March last year.

EU State members are expected to vote on the proposed CSA regulation in the next few weeks and they hope to reach an agreement by March. Romain Digneaux, Public Policy Specialist at Proton, explained that only after that trilogue negotiations will be able to start. With EU Parliament elections happening in June, though, time is everything.

“We hope that the Belgian Presidency will act as an honest broker and take inspiration from the European Parliament to make sure that children are adequately protected, as well as everyone’s right to privacy and security online,” Digneaux told me. “However it looks like deep divisions still remain between member states.”

All in all, experts are calling for finding a balanced approach alongside technically feasible solutions that could enhance child protection rather than undermine it. Specific requests include preserving the confidentiality of correspondence, refraining from forcing tech companies to perform mass surveillance and minimizing the administrative burden of the proposal by finding alternatives to mass scanning.

Commenting on the latter point, Digneaux told me: “There are many methods for combating crime online, as has been proven time and time again, which don’t compromise privacy and security. While we can’t publish the exact methods that we use (as that would play into the hands of the bad actors), at Proton we have a large team who work 24/7 to identify and remove bad actors and we cooperate with law enforcement within the framework of Swiss law.

“To sound horribly pragmatic, there is zero benefit to us to turn a blind eye to this behavior. In fact, the opposite, criminal behavior presents a huge threat to our entire business.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin