The EU is preparing to destroy digital privacy – and Cyprus supports it

‘Chat Control’ threatens to turn every smartphone into a government surveillance tool

By Andreas Shialaros

On October 14, 2025, the European Union will vote on legislation that could fundamentally alter digital privacy across Europe – a regulation requiring communication platforms to automatically scan all messages, photos and emails before transmission. Cyprus currently supports this measure, which critics argue represents an unprecedented expansion of surveillance powers.

What is ‘Chat Control’

Under the pretext of combating child pornography, the EU proposes to force every messaging platform – WhatsApp, iMessage, Messenger, Instagram, Telegram, Signal, Gmail and all communication apps – to implement government-mandated scanning technology that will analyse every private communication with artificial intelligence and report suspicious content to authorities.

The most scandalous part? Political figures’ accounts are exempt from surveillance, while all other members of the public will be systematically monitored.

Scenarios that will become daily reality

Imagine these situations becoming reality:

Family moments turned into nightmares: A mother sends a photo of her baby in swimwear at the beach. The AI flags it as “suspicious” and automatically reports it to authorities. The family finds itself under investigation for abuse, facing police interrogations and visits from social services.

Teenage relationships destroyed: A couple of 17-year-olds exchange photos. The system, which cannot distinguish ages, flags them as “child pornography”. The young people face unnecessary harassment from authorities.

Educational content censored: An art teacher sends a reproduction of a classical work featuring nudity for a lesson. It’s blocked as “child pornography” and they face interrogation.

Medical consultations compromised: A parent photographs their child’s injury seeking urgent medical advice from a family doctor. The AI system, unable to distinguish medical necessity from abuse, triggers an automatic report. The family faces child protection investigations despite seeking legitimate healthcare.

The destruction of the legal profession

As a lawyer, I see profound implications for legal practice. Chat Control threatens the fundamental principle of attorney-client privilege enshrined in legal systems across Europe. Every communication with clients, case strategies and confidential legal advice would be subject to automated government scanning.

This creates a chilling effect on legal representation. Clients may withhold sensitive information, knowing their communications aren’t truly confidential. The very foundation of effective legal defence – the ability to speak freely with one’s lawyer – would be compromised.

Moreover, this system creates a two-tier justice system where, reportedly, certain categories of users (including political figures) may be exempt, while the ordinary public face systematic monitoring.

The technical reality

Current AI technology cannot reliably distinguish context, intent or legal content. Even with claimed 99.9 per cent accuracy – which independent experts consider optimistic – the volume of daily communications in Europe would generate thousands of false positives daily. Law enforcement resources would be overwhelmed, investigating innocent people while actual criminals adapt to use alternative communication methods.

Furthermore, security experts warn that mandating backdoors for scanning weakens encryption for everyone, potentially exposing the public to criminal hackers and foreign surveillance. The European Court of Human Rights confirmed in Podchasov v. Russia that such encryption-weakening measures “could be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications”.

Why is it illegal?

This regulation faces significant legal challenges under established European law:

European Convention on Human Rights (Article 8): The European Court of Human Rights (EctHR) has consistently ruled that mass surveillance measures must be necessary in a democratic society and proportionate to their aims. Most recently, in the landmark Podchasov v. Russia case (2024), the ECtHR ruled that weakening encryption mandates violates fundamental privacy rights. The court specifically found that requirements to decrypt communications risk weakening the encryption mechanism for all users and constitute disproportionate interference with privacy rights.

EU Charter of Fundamental Rights (Articles 7 & 8): These guarantee respect for private life and data protection. The Court of Justice of the European Union (CJEU) has ruled in cases like Digital Rights Ireland that mass data retention violates these principles.

GDPR compliance concerns: Processing all communications constitutes mass data processing that likely lacks adequate legal basis under GDPR Article 6, and fails to meet the data minimisation principle.

Right to effective legal representation: The systematic breach of attorney-client privilege could violate Article 6 ECtHR (fair trial rights). The ECtHR has repeatedly recognised attorney-client privilege as a fundamental requirement of a democratic society and as a corollary to the rights of the defence, essential for effective legal representation.

The CJEU has established clear limits on surveillance measures in its Digital Rights Ireland ruling, which struck down the Data Retention Directive for being disproportionate mass surveillance. Additionally, in the Schrems decisions, the CJEU invalidated EU-US data transfer agreements partly due to concerns about mass surveillance programmes. This Chat Control measure appears to contradict established CJEU jurisprudence requiring targeted, proportionate surveillance measures.

Internal EU legal warnings ignored

The European Council’s own Legal Service has repeatedly warned that Chat Control violates fundamental rights. In a leaked legal opinion from April 2023, council lawyers concluded that the proposal would “highly probably” constitute “general and indiscriminate” surveillance that the CJEU has consistently rejected. The legal experts warned that the measure would make “the right to confidentiality of correspondence become ineffective and devoid of content”.

Even more significantly, a leaked internal German government protocol from the July 11, 2025 EU Council working group meeting reveals that the Council Legal Service maintains its position that the latest Danish proposal violates fundamental rights. According to the classified document published by Netzpolitik.org, council lawyers stated that “the core problems of access to communication for potentially all users remain unchanged” and that client-side scanning “is a violation of human rights and does not depend on the type of technology”. The legal experts also referenced the 2024 Podchasov v. Russia ruling, emphasising that weakening end-to-end encryption affecting all users constitutes a violation of Article 8 of the European Convention on Human Rights. Despite these clear legal assessments from their own advisors, EU governments are pressing ahead with a regulation that their own lawyers say violates fundamental rights.

Cyprus on the wrong side of history

Unfortunately, Cyprus appears to support this mass surveillance. Of the 27 EU member states, only three clearly oppose it (Netherlands, Poland, Czech Republic), while 19 states support some form of Chat Control, and five remain undecided. Cyprus stands firmly in the mass surveillance camp, having even signed a joint position in 2023 in favour of scanning even encrypted communications, supporting this unprecedented violation of human rights.

What can we do?

Time is running out. The vote is in less than two months. Contact your MEPs immediately – all six Cypriot representatives need to hear constituent concerns. Additionally, reach out to the Cyprus government through official channels, as member state positions significantly influence EU negotiations.

Citizens can also support digital rights organisations challenging this legislation and stay informed through resources like fightchatcontrol.eu, which tracks the legislative process and provides templates for contacting representatives.

This is not simply a discussion about technology. It’s a battle for the kind of society we want to leave to our children. Do we want a society where every private moment, every personal thought, every confidential conversation will be monitored by government systems, or a society that respects fundamental rights and human dignity?

The choice is ours. But only if we act now.

Andreas Shialaros is a Cyprus-based lawyer who deals with digital rights and data protection issues among other areas