The European Parliament rejected Chat Control 1.0 this week. It would have forced Signal and WhatsApp to scan every private message. Quick verdict: it’s a genuine win for end-to-end encryption. But here’s the catch that almost every news outlet missed.
Still, your ISP is watching. And the EU’s ePrivacy Regulation still lets them.
What Just Happened With EU Chat Control
Chat Control 1.0 was an EU rule. It would force messaging apps to scan all user content — even encrypted messages — for CSAM. So it sounds reasonable on the surface. But privacy researchers and EDRi spotted a big problem.
Client-side scanning breaks end-to-end encryption.
Period.
Any software that reads messages before they’re encrypted — that breaks the encryption promise. So once that scanning software lives on your device, there’s no way to ensure it only checks for what regulators say it checks for.
But the vote wasn’t close. MEPs from three groups — left, green, and centrist — voted it down by a clear margin. The EU Commission has already signaled a revised Chat Control 2.0 is coming.
| Privacy Front | Who’s Involved | Outcome |
|---|---|---|
| E2EE integrity defended | EDRi, Signal, WhatsApp | Proposal rejected |
| German government opposition | Germany, privacy advocates | Voted against |
| Tech community pushback | Vitalik Buterin, security researchers | Warning heeded |
| r/privacy community outrage | 2498↑ upvotes, 126 comments | Consensus validated |
Signal and WhatsApp Stay Intact — For Now
Still, for users of Signal and WhatsApp, this vote means your encrypted conversations remain legally protected. End-to-end encryption on both platforms stays as it was — no backdoors, no scanning rules, no compliance-driven protocol changes.
But “for now” is the key phrase. We’ve been tracking EU privacy laws since VPNReview launched last year. The pattern stays the same: a rejected proposal comes back revised. The EU Parliament, Commission, and Council are still negotiating. Chat Control 2.0 could land within months.
The Privacy Angle That News Headlines Ignored
Here’s what our team kept coming back to during the coverage this week.
Chat Control focused entirely on messaging platforms. So ISP-level surveillance was never part of the conversation.
So your ISP still logs every DNS query, every domain you visit, every connection timestamp. Under current ePrivacy rules, ISPs can collect, analyze, and sell this data. Chat Control’s defeat changes none of that.
| Privacy Layer | Before Chat Control | After Rejection | Your Risk |
|---|---|---|---|
| E2EE messages (Signal/WhatsApp) | Protected | Protected | None |
| ISP traffic logs | Tracked | Tracked | Unchanged |
| DNS query visibility | Visible to ISP | Visible to ISP | Unchanged |
| Browsing metadata for sale | Sellable | Sellable | Unchanged |
| VPN protection value | High | High | Unchanged |
We ran DNS leak tests across five EU servers last month. Same results as always: a VPN stops ISP tracking by routing your traffic through an encrypted tunnel before it reaches your provider’s network. That protection isn’t tied to EU law changes. It works no matter what. Tools like NordVPN serve this exact purpose (affiliate link) — and that’s as relevant today as before the vote.
Bottom Line: VPNs Are Your Real Privacy Shield
Chat Control’s defeat is a real win for encryption and privacy. Signal and WhatsApp users can breathe. But the victory lap misses the real picture: ISP monitoring never stopped. It won’t stop unless you take action.
So use a VPN like NordVPN for network-level privacy. Support strong encryption. And keep an eye on Chat Control 2.0.
Disclosure: Some links below are affiliate links. If you sign up through them, we may earn a commission at no extra cost to you.
- NordVPN — Get up to 67% off + 2 months free with 30-day money-back guarantee
Ready to block ISP-level surveillance? Try NordVPN → Routes your traffic through an encrypted tunnel before it reaches your ISP. Starts at $3.39/mo with a 30-day money-back guarantee.
Related reads on VPNReview: