Application of EU law in the area of privacy and confidentiality of communications

Priority question for written answer P-001566/2026
to the Commission
Rule 144
Birgit Sippel (S&D)

Private companies such as Meta, Snapchat, Google and Microsoft continue to scan private communications without a legal basis, which raises profound concerns about the rule of law. The case law regarding the ePrivacy Directive establishes that mass or indiscriminate surveillance of communications constitutes a serious interference with the fundamental rights to privacy and data protection. Allowing private companies, headquartered in the US, to unilaterally determine which legal framework to follow, particularly in a sensitive area such as the confidentiality of communications, risks undermining democratic accountability, the integrity of fundamental rights in the EU and the effective application of EU law.

• 1.In the absence of Regulation (EU) 2021/1232, on what legal basis, if any, can providers of Number Independent Interpersonal Communications Services continue their scanning of private communications for (un)known child sexual abuse material and grooming, and what enforcement actions will the Commission take against companies for such processing without a derogation?
• 2.Does the Commission consider any kind of continued scanning of private communications by US providers to be compatible with Article 5(1) of the ePrivacy Directive and Articles 5, 6 and 9 of the GDPR, in the absence of explicit consent or another valid legal basis?
• 3.What measures does the Commission intend to take to ensure that providers do not unilaterally interpret or bypass EU law, and how will it safeguard the rule of law and fundamental rights if such practices continue, including through the use of infringement proceedings or cooperation with the European Data Protection Board, to ensure that providers do not fill the legislative gap with unchecked self-regulation?

Submitted: 16.4.2026