Messaging service Telegram has updated its privacy policy to include a clause which states that it may hand over users’ IP address and phone number if it receives a court order that indicates those people are terror suspects.

The company added that this hasn’t ever happened yet, and that if it does, it’ll disclose it in a semiannual transparency report. With that, Telegram believes it’s now in compliance with the European Union’s GDPR guidelines.

But what does this spell for users? Founder Pavel Durov noted that this will only make the service less hospitable to terrorists, who may seek to use it to spread propaganda or recruit people to their cause.

Amlan Mohanty, a technology lawyer based in India, says that this move should give us all cause for concern, as it could lead us down a slippery slope and potentially see people who aren’t ‘terror suspects’ get caught in the dragnet.

For starters, Mohanty notes, the change in Telegram’s privacy policy appears to be a reaction to pressure on the company from the counter-terrorism arm of Russia’s intelligence agency. The service was banned in the country back in April.

Durov mentioned that the change was made to comply with the EU’s new privacy laws – but those only require firms to disclose to users what sort of data they’re sharing with governments, and they don’t mandate that firms must hand over IP addresses and phone numbers.

There’s also the question of the definition of the term ‘terror suspect’ – and it likely comes down to what it means in the country that’s asking Telegram to cough up information on a user.

Sure, you’ll need a judge to sign off on a court order that would require Telegram to hand over data, but ‘terror suspect’ could mean someone actively engaging in the radicalization of others in one country, and in another, it could potentially refer to someone merely expressing dissatisfaction with how their government is flouting its constitution.

Mohanty adds that it’s clear Telegram is resisting Russia’s tactics to pressure it into decrypting messages on its platform – but further developments could see that effort go sideways.

ZDNet reported that Russian telecom regulator Roskomnadzor indicated it may consider unblocking Telegram for users in the country, but it’d only do so if the company hands over the encryption keys that keep the platform’s messages private.

If Telegram wants to operate in Russia, it’ll either need to compromise privacy for users, or change its system architecture to make it impossible to grant backdoor access to messages to any government.

Ultimately, it’ll come down to Durov & Co.’s will to fight political and legal pressure in Russia. This could set a precedent for privacy controls in other countries and on other platforms; let’s hope Telegram can keep fighting the good fight, for everyone’s sake.

Read next: $1,000 phones are the new normal, and that's bad news for the future of tech