Rising Digital Tensions: EU Privacy Battles, Spyware Threats, and TikTok Under Fire
As tech giants face growing scrutiny in Europe, three major developments are making headlines: the EU advances a controversial message-scanning law, a WhatsApp vulnerability enables spyware attacks, and France considers criminal action against TikTok over youth safety.
EU advances ‘Chat Control’ Law & sparks major Privacy Backlash
The European Union is moving closer to approving the controversial “Chat Control” regulation, which could force tech companies to scan users' private, encrypted messages to detect child sexual abuse material. Under the proposed law, companies would be required to implement client-side scanning tools. Technology that examines messages, images, and videos before encryption to identify both known and unknown harmful content. While EU leaders claim the law is aimed at protecting children, privacy advocates warn it could deal a severe blow to online privacy.
The backlash has been swift and intense. Over 660 researchers signed an open letter condemning the plan as ineffective and dangerous, warning that AI-based scanning systems are prone to errors and mass false positives. Critics argue the regulation essentially treats every EU citizen as a suspect, creating a de facto system of mass surveillance. Some companies like Signal have threatened to exit the EU if the law passes, and others like Tuta Mail plan legal challenges. With member states still divided and Germany seen as the deciding vote, the future of secure digital communication in the EU hangs in the balance.
Zero-Click Spyware Targets WhatsApp Users on iOS in Sophisticated Attack
Meta has confirmed that a newly discovered WhatsApp vulnerability (CVE-2025-55177) allowed attackers to install zero-click spyware on iOS devices without user interaction. The flaw, which stems from improper authorization in device synchronization messages, was chained with a separate Apple OS-level vulnerability (CVE-2025-43300) involving JPEG image processing. Together, they enabled malicious actors to remotely compromise around 200 targeted users. Likely including journalists, activists, and political dissidents. Apple patched its side of the vulnerability in August 2025, while WhatsApp released security updates shortly after.
Cybersecurity experts warn that such spyware campaigns pose an ongoing threat, especially as zero-click exploits are notoriously difficult to detect or prevent. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the WhatsApp vulnerability to its list of Known Exploited Vulnerabilities, urging users to update by September 23. Amnesty International also raised concerns that Android users may have been impacted, and cautioned that the exploited image library could affect other apps beyond WhatsApp. The incident echoes past spyware campaigns, including those tied to Pegasus, and underscores the continuing risk of digital surveillance against civil society actors.
French Lawmaker Seeks Criminal Probe Into TikTok Over Youth Safety Concerns
A French parliamentary committee has accused TikTok of endangering the health and lives of minors and recommended criminal action. Socialist lawmaker Arthur Delaporte, who chairs the committee, formally requested a criminal investigation, citing potential charges of complicity and perjury. The committee’s report claims TikTok executives misled lawmakers during hearings and failed to prevent harmful content that may have contributed to child suicides echoing concerns raised in a 2024 lawsuit by seven families.
TikTok has pushed back against the findings, calling the report misleading and defending its safety policies for teens. Nonetheless, the committee has proposed sweeping measures, including banning social media for children under 15 and enforcing nighttime curfews for users aged 15–18. These developments add pressure on European regulators to tighten control over youth exposure to digital platforms, a goal supported by French President Emmanuel Macron, who has called for EU-wide action following tragic youth-related incidents tied to online content.
