You can't sacrifice freedom to protect children
En el corazón de Europa se libra un debate que trasciende la tecnología: ¿puede una sociedad libre vigilar sus propias conversaciones privadas en nombre de proteger a los más vulnerables? La Unión Europea se prepara para votar una regulación que obligaría a las empresas tecnológicas a escanear mensajes privados en busca de material de abuso sexual infantil, un fenómeno que afecta a uno de cada cinco niños y genera 30 millones de denuncias anuales solo en Estados Unidos. La propuesta, impulsada durante la presidencia española del Consejo, encarna una tensión tan antigua como la propia civilización: el orden y la seguridad frente a la libertad y la intimidad. Lo que se decida en Bruselas no solo definirá el futuro de internet en Europa, sino que trazará una línea en la historia sobre hasta dónde puede llegar el Estado en nombre del bien común.
- El abuso sexual infantil en línea ha crecido un 6.000% en una década, y la mayoría de las empresas tecnológicas no reportan nada de forma voluntaria, dejando a millones de víctimas sin protección.
- La regulación propuesta convertiría el escaneo de comunicaciones privadas en una obligación legal, lo que organizaciones de derechos digitales califican como la mayor amenaza al cifrado y la privacidad en la historia de internet.
- Los falsos positivos ya han destruido vidas: padres denunciados por fotos médicas de sus hijos, profesores que perdieron archivos enteros, y el riesgo de que las grandes tecnológicas actúen como policía privada con criterios propios.
- Los defensores de la propuesta insisten en que el escaneo es anónimo, no rompe el cifrado y requiere revisión humana antes de cualquier denuncia, comparándolo con el escáner de un paquete postal.
- La votación, prevista bajo la presidencia española, podría sentar un precedente global que redefina los estándares de privacidad digital en todo el mundo.
La Unión Europea está a punto de votar una regulación que obligaría a las empresas de internet a escanear mensajes privados en busca de material de abuso sexual infantil. La propuesta, impulsada por el eurodiputado conservador español Javier Zarzalejos y respaldada por la comisaria Ylva Johansson, convertiría en obligatorio lo que hoy es voluntario: detectar, reportar y eliminar contenido de explotación infantil. Los números que la justifican son demoledores: uno de cada cinco niños ha sufrido alguna forma de abuso sexual en línea, los casos denunciados se han multiplicado por 60 en una década, y el centro estadounidense para niños desaparecidos y explotados recibe 30 millones de reportes al año, más de un millón procedentes de países de la UE.
Las organizaciones de protección infantil apoyan la medida y la consideran un paso imprescindible. Zarzalejos defiende que el escaneo funcionaría como un detector de correo postal: los mensajes pasan por un filtro algorítmico sin que nadie lea su contenido, la revisión humana es obligatoria antes de cualquier denuncia, y el cifrado permanece intacto. Cada Estado miembro tendría que aprobar las medidas de protección aplicadas en su territorio.
Sin embargo, la oposición es intensa. Xnet y European Digital Rights advierten que la regulación es, en realidad, un mecanismo de vigilancia masiva disfrazado de protección infantil. Sergio Salgado, de Xnet, señala que los falsos positivos ya han causado daños reales: cuentas suspendidas, archivos borrados, vidas interrumpidas. Su temor más profundo es que las grandes empresas, ante la duda, opten por eliminar contenido de forma preventiva, convirtiendo la moderación en censura y sobrecargando a los investigadores reales con denuncias falsas.
Lo que está en juego no es solo una ley técnica sobre algoritmos. Es una pregunta sobre los límites del poder del Estado en el espacio digital y sobre si es posible proteger a los niños sin sacrificar las libertades que definen una sociedad abierta. La respuesta que dé Europa resonará mucho más allá de sus fronteras.
The European Union is preparing to vote on a regulation that would require internet companies to scan private messages for child sexual abuse material—a proposal that sits at the raw intersection of two irreconcilable goods: protecting children from exploitation and preserving the privacy of digital communication.
The regulation, expected to pass during Spain's EU presidency if the timeline holds, would make content scanning mandatory rather than voluntary. Right now, tech companies can choose whether to report suspected abuse. The EU has found that most reports come from a handful of firms, while many do nothing at all. The problem they're trying to address is real and growing: one in five children has experienced some form of sexual abuse online, according to research by the Council of Europe. In the last decade alone, reported incidents have surged by 6,000 percent. The U.S. National Center for Missing and Exploited Children receives 30 million reports annually—more than a million of them from EU member states.
Child protection organizations have lined up behind the proposal. In an open letter, groups fighting for children's rights and online safety called it a critical step toward better protection. The regulation's main architect is Spanish conservative MEP Javier Zarzalejos, with backing from Swedish Social Democrat Ylva Johansson, the EU's internal affairs commissioner. Their argument is straightforward: the scale of abuse is staggering, and companies have the tools to help stop it. They should be required to use them.
But the proposal has triggered fierce opposition from digital rights advocates who see it as a Trojan horse for mass surveillance. The regulation itself acknowledges that it will limit fundamental rights—privacy, confidentiality of communications, data protection, freedom of expression. The EU's response is that no right is absolute, and these limitations can be justified in service of a greater good. The scanning would use algorithms designed to be "the least intrusive" possible and would operate "anonymously." Human review would be required before any report goes to law enforcement. The technology, Zarzalejos argues, works like a mail scanner at the post office: letters pass through to check for illegal contents, but that doesn't mean postal workers read your correspondence.
Xnet, a network of digital rights defenders, rejects this analogy entirely. Sergio Salgado, a member of the group, argues the regulation is really about dismantling encryption and privacy—an old dream of governments that have always seen secure communications as a problem. He points to a concrete danger: false positives. Google once suspended accounts of American parents who sent photos of their children to pediatricians. A Spanish teacher lost access to thousands of cloud files because the company flagged images as suspicious. "Large companies will become a private police force," Salgado says, "and they'll take a conservative approach. When in doubt, they'll delete. Their priority won't be maintaining free speech and open conversation online." He also warns that false accusations will flood the investigators actually pursuing real cases, making their work harder, not easier.
European Digital Rights, an international coalition, agrees and is calling for the regulation to be withdrawn. They argue it will force all our chat and email providers to know what we're writing at all times and will eliminate anonymity from many legitimate online spaces.
Zarzalejos pushes back on all of this. He emphasizes that companies won't apply the same measures everywhere—a paid service with age verification works differently than an anonymous chat app. Each member state's authorities will have to approve the protective measures. He also disputes that scanning violates privacy: encryption stays in place, the technology is extremely reliable, and it works like spam detection, identifying patterns without accessing message content. "No one is going to conclude that a child is being abused or groomed based on one or two sentences or photos of my grandchildren at the beach," he says.
The vote is coming. What passes will reshape how the internet works in Europe and likely influence policy elsewhere. The question hanging over it all is whether you can sacrifice privacy to protect children, or whether that trade-off destroys the very freedoms you're trying to defend.
Notable Quotes
The idea is ancient: ending internet encryption and the privacy of communications. This is the old dream of power.— Sergio Salgado, Xnet digital rights activist
As adults, it is our duty to protect children. Child sexual abuse is a real and growing danger. The proposal establishes clear obligations for companies to detect and report abuse, with strong safeguards to ensure everyone's privacy.— Ylva Johansson, EU Internal Affairs Commissioner
The Hearth Conversation Another angle on the story
Why is this regulation so contentious if both sides agree child abuse is terrible?
Because they disagree fundamentally on whether scanning private messages actually stops abuse or just creates the infrastructure for something worse. One side sees a tool; the other sees a precedent.
What's the false positive problem Salgado keeps mentioning?
Google once locked out parents who sent photos of their kids to doctors. A Spanish teacher lost his files because an algorithm flagged innocent images. If millions of messages get scanned, innocent people will be caught in the net—and their lives disrupted while they prove they did nothing wrong.
But Zarzalejos says human reviewers will catch those mistakes before anything happens.
That's the theory. In practice, companies have legal liability and will err on the side of caution. They'll delete first and apologize later, if at all. And the sheer volume of false flags will overwhelm the people actually investigating real crimes.
Is encryption really going to disappear?
Not immediately. But if companies have to scan messages to comply with law, encrypted messages become a liability. Over time, the pressure to weaken encryption—or abandon it—becomes irresistible. That's what digital rights groups fear most.
What does Johansson say to that?
She frames it as an adult responsibility: we have a duty to protect children from a real and growing danger. She says the regulation includes strong safeguards for everyone's privacy, including children's. But critics say those safeguards are theoretical—they depend on companies and governments acting in good faith.
So who wins this argument?
Spain votes soon. The child protection groups have momentum and moral clarity. But if the regulation passes and creates chaos—innocent people flagged, investigators overwhelmed, encryption weakened—the backlash could be severe. This isn't settled.