Global Encryption Coalition Asks Sweden to Not Enact the Proposed Data Storage Law

“The creation of an encryption backdoor creates vulnerabilities that would leave Sweden less safe against cyber threats and foreign adversaries,” the Global Encryption Coalition said in a joint letter published on April 8, 2025. The letter highlights concerns regarding the Swedish government’s proposed Data Storage and Access to Electronic Information legislation.“The organisation calls it ‘a dangerous approach.

’”The Global Encryption Coalition and 236 co-signatories of the joint letter opined that if enacted, the proposed legislation would significantly undermine the security and privacy of Swedish citizens, companies, and institutions. The organisations believe that although the proposed legislation aims to combat serious crime, it presents “a dangerous approach.”Compromising encryption can create vulnerabilities that criminals and other malicious actors could exploit to attack users in Sweden.



“Compromising encryption would leave Sweden’s citizens and institutions less safe than before,” the joint letter stated.The proposed law would force internet-based messaging apps like WhatsApp and Signal, and other companies, to store users’ communications and make them accessible to Swedish law enforcement agencies. “The consensus among cybersecurity experts is that complying with this requirement for end-to-end encrypted communications services will be impossible without forcing providers to create an encryption backdoor, akin to a master key that unlocks every door in a building,” the letter added.

The Swedish Armed Forces Wants End-to-End Encryption?This “master key” could create vulnerabilities that would leave Swedish people and organisations less safe against cyberattacks and foreign adversaries. In January 2025, the Swedish Armed Forces, Försvarsmakten, expressed similar concerns in a consultation response to the proposed legislation. According to Försvarsmakten, access requirements in end-to-end encrypted (E2EE) communications cannot be fulfilled without introducing vulnerabilities and backdoors that third parties could exploit.

The joint letter further stated that the proposed legislation would place platforms offering E2EE services in a difficult position. These services would either have to comply—thus compromising E2EE protection—or cease operations in the Swedish market. The Global Encryption Coalition believes either scenario would result in “less secure” private communications for Swedish citizens, companies, and institutions.

More than 40% of internet users in Sweden benefit directly from the security and privacy provided by E2EE communication services.Signal, the internet-based E2EE communication service, has reportedly threatened to leave Sweden if it passed the proposed Data Storage and Access to Electronic Information law.Journalists, Activists and Minorities Worst Affected?The proposed legislation could also put journalists, activists, and minorities at greater risk.

The joint letter noted that journalists rely on E2EE messaging services to protect their sources. Similarly, activists use these services to safely organise protests and demonstrations. Minorities such as the LGBTQ+ community also depend on E2EE services for safety and community-building.

The protection E2EE provides gives them a sense of security. Even the European Data Protection Board (EDPB) has highlighted the importance of E2EE. In 2022, the EDPB noted that encryption technologies fundamentally contribute to the right to private life, the confidentiality of communications, and freedom of expression.

What is the Global Encryption Coalition suggesting?According to joint letter, the Global Encryption Coalition and other co-signatories want the Swedish government to invest in and utilise targeted “modern investigative techniques”. These techniques should not compromise the security of the users of such services. Law enforcement agencies, they suggest, should rely on enhanced digital forensics, improved data analysis, and international cooperation instead of undermining encryption protections.

The Global Encryption Coalition has “strongly” urged the Riksdag, Swedish Parliament, to reject the proposed Data Storage and Access to Electronic Information legislation. What does the contentious proposed legislation say?According to the draft of the proposed legislation, the electronic communication service providers will have to store “certain information” for law enforcement as an obligation. The service providers will have to store such information “over time”, depending on “societal developments”, “technological developments”, and “changing communication habits”.

The draft also proposes that:Säkerhetspolisen, the Swedish Security Service, will be able to decide on a “more extensive storage obligation” if the country is facing a serious threat to national security. Service providers that offer number-independent interpersonal communication will be subject to information storage obligations and must adapt their operations so that “secret coercive measures” can be enforced.The duration for which a service provider must store data can be extended.

The government may impose sanctions on service providers that fail to comply.The Swedish government has proposed that this legislation to come into effect on March 1, 2026.What is the Global Encryption Coalition?The Global Encryption Coalition is an organisation comprising over 400 members across 103 countries.

It works to promote and defend encryption in “key countries and multilateral fora” where such technology is under threat.Its Steering Committee comprises of Center for Democracy and Technology, Global Partners Digital, Mozilla Corporation, the Internet Freedom Foundation, and the Internet Society.What is End-to-End Encryption? Several communication services use E2EE as a privacy measure.

Messaging apps and other platforms rely on E2EE to ensure that communication between two users is not accessible to unauthorised parties. The apps encrypt and decrypt the messages (or any other form of communication) between a sender and a receiver. That is, the app will turn the messages into a code that only the sender’s or the receiver’s devices can understand.

Here’s how it works: Messaging services like WhatsApp and Signal encrypt messages sent by User A using an encryption key. These messages are transmitted in encrypted form and can only be decrypted by User B’s device using a private decryption key. Finally, the decrypted message is authenticated using User B’s digital credentials.

Indian government’s opposition to E2EE:In 2021, WhatsApp filed a lawsuit against the Indian government for asking messaging services to break privacy protections under the IT Rules, 2021. In the lawsuit, WhatsApp specifically opposed Rule 4(2) of the IT Rules that required “a significant social media intermediary providing services primarily like messaging” to enable the identification of the “first originator” of a piece of information. WhatsApp argued in the court that this would require it to break its E2EE privacy measure that prevents malicious actors from accessing private messages between users.

The Indian government, in its response to WhatsApp, said that companies operating in India are subject to Indian laws. It also argued that the Right to Privacy, under Article 21 of the Indian Constitution, is not absolute. It cited “public interest” as a reason that makes compliance with the rules necessary.

In 2024, WhatsApp told the Delhi High Court that it would shut down operations in India if forced to break encryption. Advocate Tejas Karia, representing WhatsApp, stated, “As a platform, we are saying, if we are told to break encryption, then WhatsApp goes.”India’s New Income Tax Bill and Privacy Concerns: Recently, the Indian government introduced the Income Tax Bill, 2025, in Parliament.

Section 247 of the bill raised privacy concerns by expanding the search and seizure powers of tax authorities. The provision potentially allows officials to hack into suspects’ electronic devices, including social media and email accounts.Asia Pacific Policy Counsel at Access Now, Shruti Narayan, told MediaNama that “this is an unacceptable provision which could allow the use of privacy-violating data extraction tools to break into locked devices or password-protected accounts without any safeguards, independent oversight, or even a statement of necessity.

”Also read:DPDP Rules 2025 Mandate Encryption, Logs, and Timely Reporting in Case of Data BreachesSignal President opposes ‘European Chat Control Law’ and says it weakens end-to-end encryptionEuropean Union’s Europol Publishes Joint Declaration Against End-to-End Encryption on Online PlatformsThe post Global Encryption Coalition Asks Sweden to Not Enact the Proposed Data Storage Law appeared first on MEDIANAMA..