EU lawmakers are close to reaching a compromise on a controversial regulation aimed at combating child sexual abuse online, according to a leaked compromise document obtained by EURACTIV. The negotiating process is ‘possible to likely’ to end on Wednesday (29 April), sources involved in the talks between national governments and MEPs told this website.
In September 2020, the European Commission tabled draft legislation that would enable, but not compel, tech companies to monitor interpersonal communications in order to identify and report material related to child sexual abuse material on the Internet.
The provision is intended as a temporary measure derogating certain aspects of the Directive on privacy and electronic communications (ePrivacy), which currently regulates the processing of personal data and the protection of privacy in the electronic communications sector.
In November 2020, the European Data Protection Supervisor (EDPS) published an opinion on the Commission proposal, questioning its legitimacy on the grounds that ‘confidentiality of communications is a cornerstone of the fundamental rights to respect for private and family life. Even voluntary measures by private companies constitute an interference with these rights.’
In the European Parliament, the legislative proposal was assigned to the Civil Liberties, Justice and Home Affairs Committee, which proposed amendments tightening the restrictions to safeguard privacy protection.
Four meetings between the Council, Commission and Parliament have so far failed to find a compromise agreement. The main point of concern between the institutions is the risk that private conversations or intimate photos might be erroneously flagged by the algorithm, and be wrongly disclosed to the service provider’s moderators or police authorities.
While the Council’s intention is to minimize the risk of error, several MEPs remained unconvinced that the scanning of private communications would not entail the risk of exposing legitimate private communications among adults, such as sexting.
The second point of contention is over anti-grooming measures, which representatives of the European Parliament wanted to see restricted by an ex-ante authorisation of the relevant Data Protection Authority (DPA).
According to EU sources, the likely compromise agreement includes AI-powered conversation screening also for alleged initiation attempts that might formally require prior authorisation by national data protection authorities, however including a grace period that would effectively invalidate the ex ante scrutiny of the DPAs.