Stefano Gazzella : 18 September 2025 08:00
We had already discussed the proposed “ChatControl” regulation almost two years ago, but given the roadmap currently underway, we find ourselves embarrassed to have to discuss it again. It feels like déjà vu, but instead of the black cat in the hallway, we are witnessing the EU, alternating generous doses of fatal slopes and stolen arguments, continuing to align its desire for technological control with the US example denounced at the time by Snowden. Probably because of the ambition inherent in the Old Continent, which still believes itself to be the center of the world.
But can we really think that it will be of any use to publish yet another article discussing the excessive nature of a regulation that, in effect, aims to universally control the content of messaging platforms, systematically violating correspondence and imposing a state backdoor? In practice, by proposing methods to bypass e2e encryption, considered intrinsically dangerous.
Is it really necessary to waste words on this topic, which is debated, but only within the circles of experts and digital rights enthusiasts? It’s probably useless.
Of course, Wilde famously said, “All art is perfectly useless,” and so it’s better to celebrate uselessness rather than become useful, self-directed idiots. If a gentleman from Rotterdam praised madness, then let those who wish to pay homage to healthy uselessness also be granted permission.
We’re talking about uselessness because yet another article against ChatControl doesn’t contribute anything new to concerns that emerged well over two years ago, it doesn’t reveal any inconvenient truths, and it can’t uncover any hidden agendas or conspiracies. Everything has been and is perfectly clear for all to see within the institutional proceedings: publicly proposed, announced, and celebrated.
Unlike E. A. Poe’s purloined letter, nothing is hidden or concealed, except for the part where we will ask ourselves tomorrow how did we get to this point? Also understanding that talking about protecting children is an excellent rhetorical tool to force the hand and undermine all those balances of proportionality that otherwise guarantee the coexistence of multiple fundamental rights. Inhibiting any further questions about adequacy and effectiveness, as it conceals poisons including the accusation of failing to prevent online child pornography and other horrors.
When the canons of proportionality are disregarded, which, we recall, is a fundamental principle of European legislation, we find ourselves faced with tyrannical rights. Such rights often already creep into widespread beliefs and, fueled by fear and emergency, tend to be unproven and disruptive. Public safety has always been a great classic, which has led to the formulation of false dichotomies: privacy or security? Freedom or security? and insinuations like but what do you have to hide that the State cannot know? Deliberately distorting the right to privacy, which, in truth, does not concern what we want to hide but rather everything we want to protect about our individual sphere and which prevents, for example, indiscriminate controls or excessive intrusions even by public authorities.
With the approval of ChatControl, would the European Union of tomorrow be a third country capable of guaranteeing an adequate level of protection pursuant to Article 45 of the GDPR? Yes, we are talking about that issue that is the subject of ongoing disputes with the United States. How would the European Union today view this in a paradox where we mentally eliminate the linear concept of time?
One could say that the CJEU, by expressing its opinion on the legitimacy of the collection and use of data by US intelligence agencies, could in some way justify similar activity by the European Union. A more negative view might also be that the CJEU has revealed over time its ambition to be an international policy body rather than a bastion of domestic justice. Thinking badly, committing sin, erring just a little.
Establishing a legal obligation, such as the one being introduced for online service providers, is not sufficient to justify or render lawful any subsequent processing under the GDPR. The legal basis, even if imposed by law, must include “measures to ensure lawful and fair processing” and pass the stress test of proportionality with respect to the legitimately pursued objective.
Which, with regard to ChatControl, raises many doubts. But it does so especially among experts, enthusiasts, and activists.
Finally, we must ask ourselves the most uncomfortable question: who cares about the issue of digital privacy?
Using the metaphor of oxygen, we will realize its importance when it begins to run out. It’s a shame that wounds or cracks in the law are difficult to heal, because they spread through that widespread culture (or lack thereof) that somehow justifies the raison d’être of a law.
When the media are no longer the watchdog of digital democracy, but become the lapdog of power, perhaps there’s a cultural problem. Yet, access to information is free. For now. Therefore, most people should be informed about the ChatControl affair, or have the desire to learn about it. Of course, if the narratives currently being spread speak of privacy obsessions or present the false dichotomies mentioned above, it becomes difficult to navigate.
This debate thus exists in the information bubbles of those who already know, have formed an opinion, and, in most cases, are against it. Leaving other digital citizens impervious to doubt.
In the present age, when irresponsibility is a palliative, thinking that giving up digital rights is someone else’s problem, because one has nothing to hide, perhaps most fuels the possibility that sooner or later, if not ChatControl, future attacks on Internet freedom will have a successful outcome.
Under the thunderous applause of the democratic defense of some high value.
Simply, without asking too many questions.
Stefano Gazzella