Faced with growing criticism, the European Commission defended in a non-paper its legislative proposal to fight child sexual abuse material, arguing it is not at odds with the EU Charter of Fundamental Rights and existing case law.

The draft law would empower judicial authorities to issue detection orders forcing platforms like WhatsApp and Gmail to set up automated tools and scan all communications on their service to detect suspected material and attempts to ‘groom’ minors.

Since the proposal was presented last year, it has collected a number of negative responses for its disproportionate effect on fundamental rights from the European Data Protection Supervisor, a European Parliament external assessment and the EU Council’s legal service.

Precisely the latter, which is particularly influential in EU policymaking, seems to have prompted the European Commission to enter into a defence mode, according to a non-paper dated 16 May and shared with the relevant technical body of the EU Council.

“Commission services consider that the proposed rules and the case law available to date, seen in their entirety and properly construed, provide no reasons to conclude that on this point the proposed Regulation is incompatible with the Charter,” reads the non-paper, seen by EURACTIV.

EU Council’s legal opinion gives slap to anti-child sex abuse law

The legal service of the EU Council of Ministers slammed the EU proposal to fight child sexual abuse material (CSAM), criticising, in particular, the ambiguity of detection orders and their possible impact on privacy rights.

The CSAM draft law has faced …

Detection orders and safeguards

The paper reiterated that detection orders are only meant to be a last measure of resort. To ensure this, orders can only be issued after a “mandatory prior process of risk assessment and mitigation.”

The competent national court has to consider beforehand if “there is evidence of a significant risk that the service is misused for child sexual abuse” and if “the reasons for issuing the order outweigh its negative consequences, having balanced all fundamental rights and other rights and interests at stake”.

Moreover, the Commission underlined that independent public authorities must also be involved in the process.

One of the safeguards regarding this is that those service providers who are subject to a detection order “must regularly report on the execution, and the competent national authority must regularly assess whether any changes to the detection obligation may be required” to ensure “effective redress and complaint-handling” and other oversights.

A detection order would also be targeted at a specific service or even specific parts of it, so, according to the paper, there would be no general monitoring. There would also be “limits in time,” and only “certain specific material and conversations entailing specific criminal offences” would be targeted.

No other types of crimes or threats to national security would be included.

Majority of EU countries support scanning of audio communications

A majority of the EU Council of Ministers seem to favour expanding the scanning of private messages to audio communications to detect child sexual abuse material, according to a new document dated 12 May and seen by EURACTIV.

Last week, EURACTIV …

Fundamental rights

The criticism about the detection orders has been that they can limit the exercise of certain fundamental rights, notably those to privacy and protection of personal data of the users of the services in question.

That relates to the fact that potentially all users would be affected by scanning their private communications.

However, the Commission non-paper highlights that, according to the case law of the Court of Justice of the European Union, these are “not absolute rights but must be considered in relation to their function in society”.

Therefore, there has to be a “balancing exercise” which must “take account of all the circumstances of the case at hand.” This might be up to the service providers to determine, as the proposed rules leave some scope for interpretation, but “discretion and flexibility would be exercised within a detailed framework”, including safeguards.

Child sexual abuse: leading MEP sceptical of technical limitations

As the European Parliament’s published its draft report on the proposal to fight child sexual abuse material (CSAM), the rapporteur shared with EURACTIV his vision about the key aspects of the file.

Javier Zarzalejos is an influential voice inside European People’s …

The text mentions that the rapid “technological and commercial developments,” almost by their definition, “involve activities that are sensitive from a fundamental rights perspective.” This is why the Commission considers that safeguards and guidance are needed.

The document also added that “having access to certain personal data of users held by online service providers can certainly be helpful to tackle the crimes, but this is not necessarily the only means to do so.”

The paper also highlighted that CSAM differs from other online crimes, such as propaganda, hate speech, or copyright infringement, because the content itself is the crime.

The document acknowledged that questions about the detection orders’ “compatibility with the Charter” cannot be answered “with absolute certainty.” However, there is also “no reason to conclude that on this point the proposed Regulation is incompatible with the Charter”.

Portugal’s opinion

In a separate text, also dated 16 May and seen by EURACTIV, Portugal presented several suggestions regarding the file. They asked for companies to be able to start “the risk assessment process as soon as the regulation entries into force,” adding that “the regime of delegated acts must be effective immediately.”

Moreover, Lisbon said that the EU Centre “must be set up” and that “all nominations and appointments must be complete, including the ones of the Victims Board”.

Child sexual abuse material: EU Council proposes survivors’ board

A new EU Council presidency compromise text of the proposal aiming to prevent child sexual abuse material (CSAM) online introduces a survivors’ board and puts more focus on competent authorities.

Read more with EURACTIV

EU lawmakers kick off cybersecurity law negotiations for connected devices

Manufacturers’ obligations, reporting, compliance and enforcement are the main areas of the first compromise on the new cybersecurity law EU lawmakers will discuss next week.