CPDP.ai conference 2025 meets JDT - SkyECC as a case study

Today our member Justus Reisinger spoke at the panel “the encryption challenge” on the conference of the CPDP (Computer Privacy & Data Protection). Among other stakeholders from EU-level in this field, the importance of (end-to-end) encryption was discussed.

Reisinger talked about the lessons to be learned from SkyECC, as “a case study”. After more than four years of litigation in all kinds of procedures in the European Union, as well as on national as on European level, there is still no judge who really assessed of the legality (and reliability) of the untargeted acquiring and processing of the SkyECC-data. In particular an “ex post facto review” is lacking, while we know that there was no reasonable suspicion against (all of) the Sky ECC-users whose communications were intercepted. In fact, even afterwards judges who did rule on this mere question, came to the conclusion that there is no proof of such a suspicion, not even afterwards.

That brings us to the very frightening realization: the interception of all communication did, indeed, gave evidence useful for fighting crime, but at what cost? And it could and should be argued that the same would apply for Signal or even WhatsApp…

It’s time to have a real discussion on this in every courtroom where SkyECC-data are discussed as (potential) evidence. In particular when the guilt of individual suspects should be based upon these data!