The post is about the EU moving to extend a temporary legal carveout that lets providers voluntarily scan non-encrypted communications for child sexual abuse material. Several people pointed out that this is not the same as the much more controversial "Chat Control 2.0" plan, which would force scanning and collide directly with end-to-end encryption. That distinction mattered. The temporary rule is narrower than the scary version, and some readers said the article blurred them together.
Even with that correction, the dominant read was bleak. People saw this as the familiar ratchet. First legalize voluntary scanning. Then claim companies are not doing enough. Then make it mandatory. The child-safety framing did not persuade most commenters that the policy is effective. The sharper argument was practical, not just ideological: mass scanning produces huge volumes of low-signal reports, while real child exploitation is still a labor-intensive law enforcement problem that requires investigators, warrants, and arrests. Several readers said the appeal of scanning is precisely that it is cheap for politicians. It offloads costs onto platforms and creates the appearance of action without funding the hard work.
The conversation also landed on a broader view of EU privacy politics.
GDPR was framed as protecting people from commercial misuse of data, not from state access. In that reading, there is no contradiction at all. The EU is comfortable restricting what companies may do while expanding what governments may compel. A few commenters pushed back on the fatalism and noted that constitutional limits already exist. The Charter of Fundamental Rights and likely Court of Justice review could still kill a broader measure. The catch is timing. Bad laws can run for years before courts strike them down, and by then the infrastructure and precedents are already in place.