The European Parliament just voted to extend a rule that lets platforms scan your private messages without a warrant or prior suspicion. It runs until April 3, 2028.
This covers DMs on Instagram, Discord, Snapchat, and Xbox, plus emails on Gmail and iCloud.
The original rule was introduced in 2021. MEPs actually rejected extending it back in March by a vote of 311 to 228 and the rule lapsed on April 3, 2026. But Brussels brought it back on an "urgent basis" before summer recess, and this time the motion to reject it failed to get the majority needed.
Former MEP Patrick Breyer called it "a farce" that "damages democracy," pointing out it passed against the will of most voting MEPs.
The data shows the system doesn't work. Only 36% of abuse reports in 2024 came from scanning private chats. Most came from public posts and cloud storage. 48% of alerts weren't even criminally relevant. 40% of investigations from these alerts targeted minors themselves. 99% of Meta's reports were about material already known, not new abuse being caught.
The European Commission itself admits there is no evidence this scanning has increased convictions or rescued more children.
This is the voluntary version. A separate permanent law, the Child Sexual Abuse Regulation, is still being negotiated. That version could force scanning on every platform and reach into encrypted messages like Signal and WhatsApp.
Breyer warned this vote removes any pressure on the Council to pursue real reform. They can just keep extending the old system instead of passing something better.
The playbook is clear. Wrap mass surveillance in child safety language, bypass democratic opposition through procedural tricks, and buy time to push the permanent version through with less scrutiny each round.









