“Politicians have now discovered that people are using VPNs to protect their privacy and bypass these invasive laws. Their solution? Entirely ban the use of VPNs.”
The current Danish government is clearly no friend of online privacy or anonymity. During its rotating six-month presidency of the EU council, which is, thankfully, coming to an end, it tried to push through the European Commission’s proposed Regulation to Prevent and Combat Child Sexual Abuse — aka, the “Chat Control Law” — despite widespread opposition.
As we noted at the time, the ostensible goal of the proposed regulations — curbing the spread of child sexual abuse material (CSAM) online — is commendable. However, the way the EU was going about it not only threatened fundamental rights and protections for everyone; it risked transforming the Internet into an even more centrally controlled, surveilled environment.
In its original form, the proposed law effectively mandated the scanning of private communications, including those currently protected by end-to-end encryption. If enacted, messaging platforms, including WhatsApp, Signal and Telegram, would have to scan every message, photo and video sent by users, even when encrypted.
The proposal was opposed by enough member states, including Germany, in large part due to grassroots pressure, to prevent it from passing the EU Council. So, the Danish government went back to the drawing board. The compromise bill it came up with mandates a voluntary search for sensitive material in private chats, instead of general monitoring, and was duly approved.
While a marked improvement on the original, the new proposal still raises serious concerns. Former MEP Patrick Beyer, one of the key defenders of privacy in Europe, warns that three major problems still remain unsolved. From Euronews:
[T]he proposal still does not follow the European Parliament’s position that only courts can decide to access communication channels; it still bans children from downloading messaging apps; and, lastly, anonymous communication is effectively outlawed. [T]he current Danish proposal does not follow the European Parliament’s (EP) position to allow scanning of communications only by court order. The EP’s proposal is a fundamental safeguard for Europeans’ privacy of communications and sets a standard that cannot later be changed by extra pressure from EU institutions, such as the famous “Voluntary Codes of Practice/Conduct” we’ve seen for general-purpose AI and disinformation. “Voluntary” in Europe often isn’t: opting out of a “voluntary code” can mean stricter treatment, nudging tech firms toward de facto mandatory scanning without explicitly regulating it… [T]he Danish proposal’s Article 4(3) would effectively ban anonymous email and messenger accounts, as well as anonymous chatting: “They would need to present an ID or their face, making them identifiable and risking data leaks”. This alone should alarm journalists and civil society organisations that rely on private communication with whistleblowers.
Seemingly not satisfied with achieving a consensus on EU-wide control of messaging apps, the Danish government recently came up with a legislative proposal that sought to ban the domestic use of VPNs — to access geo-restricted streaming content and bypass website blocks.
The proposal formed part of a broader legislative effort to combat online piracy that has alarmed digital rights advocates, reported Tech Radar:
Jesper Lund, chairman of the IT Political Association, expressed deep concern over the bill’s ambiguous language, stating it has a “totalitarian feel to it.” Lund argued that the current wording could be interpreted so broadly that it would not only criminalize streaming but also hinder the sale and legitimate use of VPN services across Denmark. “Even in Russia, it is not punishable to bypass illegal websites with a VPN,” Lund told Danish broadcaster DR, pointing out that the proposed Danish law could go further than measures seen in more authoritarian states.
... continue reading