Dating apps and videoconferencing could be monitored in new EU data rules

Dating apps and videoconferencing tools could come under the scope of new EU efforts to monitor online communications in a bid to stamp out child sexual abuse material, internal documents obtained by EURACTIV reveal.

The European Commission has presented a derogation from privacy protections outlined in the ePrivacy directive. [Shutterstock]

Dating apps and videoconferencing tools could come under the scope of new EU efforts to monitor online communications in a bid to stamp out child sexual abuse material, internal documents obtained by EURACTIV reveal.

In a series of private exchanges between MEPs and Commission services, the EU executive has attempted to clarify a number of concerns related to proposed rules that would allow online communications services to be vetted for child abuse content.

In December, the EU’s telecoms code was widened to afford protections under the bloc’s ePrivacy directive, meaning that platforms and messaging services would be unable to scan content uploaded online for potentially abusive content.

However, in a bid to stifle the spread of such material online, the Commission introduced an interim derogation from these safeguards, which would again allow online messaging services to monitor certain online communications.

Parliamentarians have pressed the Commission for clarification on precisely which online messaging services could fall under the scope of certain ‘number-independent interpersonal electronic communications service’ (NI-ICS), which would be subject to the derogation.

In one exchange, the Commission is pressed on whether it considers ‘dating apps,’ such as Tinder, Bumble and OkCupid, part of the new rules. The response was that while assessments should be made on a case-by-case basis, “the communications features of dating apps may constitute NI-ICS, unless they are merely ancillary features.”

Moreover, in another paper from November last year, the Commission is asked whether ‘videoconferencing services, including those used for medical consultations’ should come under the new measures. Popular videoconferencing tools in use today include applications such as Skype and Zoom.

While the Commission stated that it is “ultimately the Court of Justice that will interpret” the scope as defined by the final text, it also said that insomuch as videoconferencing tools “enable direct interpersonal and interactive exchange of information via electronic communications networks between a finite number of persons, it can be argued that they constitute a (number-independent) interpersonal electronic communications service.”

The EU executive also stated that “personal data processed within the scope of the derogation provided for by the proposed Regulation, must be in line with the General Data Protection Regulation (GDPR)”.

However, the Commission added that it “does not take a position on the conformity of the current voluntary practices by operators with the GDPR, which falls into the competence of the national data protection authorities (DPAs).”

At the time of writing, the Commission has not responded to EURACTIV’s request for a response.

Interinstitutional negotiations and strong opinions

In December, the Civil Liberties Committee in the European Parliament rubber-stamped their position on the plans, allowing for web-based communication services to voluntarily continue to detect child sexual abuse online. MEPs however had stressed that certain ‘audio communications’ should be struck out of the provisions.

Negotiations between representatives from the European Parliament and the EU Council are taking place this month, with Home Affairs Commissioner Ylva Johansson, Parliament rapporteur for the file, MEP Birgit Sippel, and the Portuguese Ambassador to the EU on behalf of the EU Council sitting down on 26 January, after a series of technical meetings.

Further afield, there has been strong jockeying on both sides of the debate.

Last November, the European Data Protection Supervisor published an opinion on the plans, noting that the “measures envisaged by the Proposal would constitute an interference with the fundamental rights to respect for private life and data protection of all users of very popular electronic communications services, such as instant messaging platforms and applications.”

For their part, law enforcement groups have been keen for the EU to adopt measures that will allow for the monitoring of online communications for child abuse material.

Earlier this month, representatives from the ‘Five Eyes’ security alliance, comprised of Home Affairs, Interior, and Security Ministers from the US, Australia, Canada, New Zealand, released a statement saying that “the ePrivacy Directive, applied without derogation, will make it easier for children to be sexually exploited and abused without detection.”

Closer to home, in November, the European Cybercrime Task Force (EUCTF) – featuring experts from Europol, Eurojust and the Commission – urged Parliament to support the temporary derogation from the ePrivacy directive, to help ‘fight online child sexual abuse.’

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters