Lisbon · Tuesday, 14 Jul 2026 NB Edition · Nº 079
← Back to news
Cibersegurança · Privacidade NB-L078

The majority of MEPs voted against, but the scanning of your messages carries on

A majority of MEPs voted against the return of "Chat Control", yet it passed. It was not a lack of quorum, it was the design of the process. What that means for your messages.

The majority of MEPs voted against, but the scanning of your messages carries on
FIG. NB-L078 · Cibersegurança · Privacidade

On 9 July 2026, 314 members of the European Parliament voted to stop the return of "Chat Control" and only 276 voted in favour. A majority of those in the room said no, and yet the scanning of Europeans' private messages carries on.

It was not for lack of a quorum, contrary to what spread online. The quorum, the minimum number of members present for a vote to count, was more than met, with 607 of the roughly 720 MEPs casting a vote. What stopped the majority was not an empty chamber, it was a counting rule. At second reading, the stage where Parliament rules on the position already fixed by the governments, rejecting that position requires an absolute majority, 361 votes, not merely more votes against than in favour. The 314 who wanted to block it fell 47 short, and the absences and abstentions counted, in practice, in the text's favour. The majority lost on arithmetic, not on will. Patrick Breyer, one of the voices leading the opposition to these rules, put it bluntly: Chat Control moving forward against the will of the majority of MEPs who voted "is a farce".

Two laws with the same name

It helps to separate two things that both get called "Chat Control". What passed on 9 July is "Chat Control 1.0", a temporary derogation from the rules on communications privacy, the ePrivacy Directive, that allows platforms such as Meta, Google or Microsoft to voluntarily scan messages, emails and chats for child sexual abuse material. It allows, it does not compel. That is a very different thing from "Chat Control 2.0", the regulation that would create a mandatory duty of detection for every service and which, as of 14 July 2026, was still unresolved, under negotiation between Parliament, the Council and the Commission.

The voluntary version had expired on 3 April 2026, after Parliament itself refused to renew it in March, and it sat with no legal basis for three months. In late June, the President of Parliament, Roberta Metsola, reopened the file and sent it to the Council, which sent it back to Parliament right at the start of the summer recess, when an absolute majority is hardest to muster. On 7 July, the European People's Party group triggered the urgency procedure, which skips committee scrutiny and takes the text straight to the plenary, and two days later it was through.

The problem is not the vote, it is the method

What worries me is not the July vote itself, it is the path it opened. When a measure that a majority of those present rejects survives because of the calendar and a voting threshold, the process has stopped measuring will and started measuring timing. Any unpopular proposal can be steered through the same way: reopen the file, push it up against a recess, trigger the urgency, and the majority that would block it never gathers in time. That is how "voluntary" scanning became permanent in practice, now extended to 3 April 2028, pending the Council's response, expected in October.

And "voluntary" earns its quotation marks, because a platform that can read your messages looking for one kind of content builds the technical ability to read for any other. The position Parliament defended in 2023 was more balanced: targeted scanning, authorised by a judge, and explicit protection for end-to-end encryption, the system that makes sure only the sender and the recipient can read a message, not even the app in between. The push for mandatory scanning came mostly from the Council of the EU, where the member-state governments sit, not from Parliament. Even the Council's most recent position, from November 2025, which dropped explicit mandatory detection, kept "risk mitigation" duties that critics read as the same back door under another name. That distinction gets lost in the noise, but it is what tells you which side each institution is on.

What you can do

While "Chat Control 2.0" is not settled, some things are within your reach:

  • Use apps with end-to-end encryption by default. Signal is the cleanest example; WhatsApp encrypts the content of messages, though it still collects metadata.
  • Understand the difference between content and metadata. Even with encryption, who spoke to whom and at what time can stay visible.
  • Follow what gets decided in September, when the "Chat Control 2.0" talks resume under the Irish presidency. That is where mandatory scanning will be won or lost.
  • Write to your MEPs. In a vote decided by 47 ballots, public pressure is not decorative.

The line going around, "the majority voted no and it passed anyway", is true. What it leaves out is the point: this was not an accident or a failure of quorum, it was the design working exactly as it can be used against us. And what happened in July was only the rehearsal for what comes next.

Sources: Euronews, Patrick Breyer, EU Observer, Pplware.

#StaySafe
🙏🖖

Keep reading

More stories

See all →
Your new car already watches your face
Privacidade · Automóvel

Your new car already watches your face

Since 7 July, every new car in the EU comes with a camera pointed at the driver's face. The law forbids facial recogniti...

4 MIN · 12 Jul 2026 · NB-L075
Seven days to stop being the product
Cibersegurança · Privacidade

Seven days to stop being the product

A guide from an Anonymous account is going around on X: disappear from the internet in seven days. You will not disappea...

6 MIN · 22 Jun 2026 · NB-L048
They can locate any phone at any time, and there is nothing to uninstall
Cibersegurança · Privacidade

They can locate any phone at any time, and there is nothing to uninstall

A Citizen Lab report shows that surveillance companies can locate any phone in the world without ever touching it. The f...

5 MIN · 15 Jun 2026 · NB-L037
Weekly · No spam

The Boletim

A weekly summary of the cybersecurity, AI and technology stories that matter — written to be read in five minutes.

Unsubscribe with one click, any week.
BRI assistant

Quer saber sobre um projeto, um serviço ou uma notícia recente? Pergunte. Conheço todo o conteúdo deste site.