{"id":5980,"date":"2025-11-28T02:32:54","date_gmt":"2025-11-28T02:32:54","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5980"},"modified":"2025-11-28T02:32:54","modified_gmt":"2025-11-28T02:32:54","slug":"eu-chat-control-proposals-should-be-red-flag-to-businesses-everywhere","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5980","title":{"rendered":"EU \u2018Chat Control\u2019 proposals should be red flag to businesses everywhere"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Data privacy campaigners have warned that any celebration of the news that the European Union (EU) has abandoned its plans to break end-to-end encryption in mobile messaging apps could be short-lived.\u00a0 According to one expert, this announcement should be a \u201cred flag\u201d to organizations operating within Europe.<\/p>\n<p>There has been a <a href=\"https:\/\/www.csoonline.com\/article\/2154094\/chat-apps-end-to-end-encryption-threatened-by-eu-legislation.html\" target=\"_blank\" rel=\"noopener\">long-standing threat to end-to-end encryption<\/a> within Europe, as tech companies have battled with legislators over the EU Council\u2019s attempt to limit messages shared by child sexual abusers through scanning of communications. Hoping to calm companies\u2019 fears, on November 26, the <a href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2025\/11\/26\/child-sexual-abuse-council-reaches-position-on-law-protecting-children-from-online-abuse\/\" target=\"_blank\" rel=\"noopener\">Council issued a statement<\/a> saying that all monitoring of communications will be performed by providers on a voluntary basis. It also announced a modified approach to the automated scans, dubbed <a href=\"https:\/\/www.patrick-breyer.de\/en\/posts\/chat-control\/\" target=\"_blank\" rel=\"noopener\">Chat Control<\/a> by privacy campaigners, as a new way of tackling child abuse online.<\/p>\n<p>However, privacy campaigner and former member of European parliament <a href=\"https:\/\/www.patrick-breyer.de\/en\/\" target=\"_blank\" rel=\"noopener\">Patrick Breyer<\/a> noted, \u201cthe enterprise aspect was often overlooked in this debate.\u201d<\/p>\n<p>While there has been plenty of talk about the protection of individuals, Breyer said that, for CISOs and enterprises, the EU proposals should be a red flag. He pointed out there could be a real risk of the leakage of sensitive data. \u201cThe technology has high error rates. For a corporation, a \u2018false positive\u2019 could mean that confidential internal documents, code, or strategic plans are flagged and sent to external authorities or police forces without the company\u2019s knowledge,<strong>\u201d<\/strong> he said.\u00a0<\/p>\n<p>Breyer has been a long time critic of the EU proposals, and feels that the move to voluntary monitoring of communications is not enough protection.<\/p>\n<p><strong>\u201c<\/strong>The headlines are misleading: Chat Control is not dead, it is just being privatized<strong>,\u201d<\/strong>\u00a0 wrote <a href=\"https:\/\/www.patrick-breyer.de\/en\/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously\/\" target=\"_blank\" rel=\"noopener\">Breyer on his website<\/a>.\u00a0<strong>\u201c<\/strong>What the Council endorsed today is a Trojan Horse. By cementing \u2018voluntary\u2019 mass scanning, they are legitimizing the warrantless, error-prone mass surveillance of millions of Europeans by US corporations, while simultaneously killing online anonymity through the backdoor of age verification.\u201d<\/p>\n<p>Breyer\u2019s position is supported by another digital privacy group, European Digital Rights (EDRi). It posted <a href=\"https:\/\/www.linkedin.com\/posts\/european-digital-rights_chatcontrol-csaregulation-encryption-activity-7399432202427748352-Psot\/\" target=\"_blank\" rel=\"noopener\">a statement on LinkedIn<\/a> saying that digital rights may still be at risk. \u201cWe want to be absolutely certain that lawmakers don\u2019t leave loopholes that would lead to harm,\u201d it said. \u201cFor example, the Council text would have been better if it expressly rejected the use of \u2018client-side scanning\u2019 tools, as a lot of discretion is still left to national authorities.\u201d<\/p>\n<p>In particular, EDRi drew attention to the possibility of voluntary monitoring. \u201cThis means that Big Tech companies can decide to scan your personal messages, without suspicion that you\u2019re doing anything wrong, and apply error-prone predictive AI tools to look for evidence of abuse. This sort of scanning already happens, with very little transparency and oversight, and no proper legal basis,\u201d said the organization.<\/p>\n<p>And for corporations looking to protect their intellectual data and maintain secure communications, the threat is very real, said Breyer. \u201cIn short: If this proposal passes, no European company can guarantee the confidentiality of its communications any more.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Data privacy campaigners have warned that any celebration of the news that the European Union (EU) has abandoned its plans to break end-to-end encryption in mobile messaging apps could be short-lived.\u00a0 According to one expert, this announcement should be a \u201cred flag\u201d to organizations operating within Europe. There has been a long-standing threat to end-to-end [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5981,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5980","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5980"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5980"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5980\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5981"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}