The proposal for a new regulation on child sexual abuse has seen a lot of criticism. As a matter of fact, the legal services of all three legislative institutions of the European Union, have been highly damning. One would almost think the proposal is fundamentally flawed.
The criticism doesn't come as a surprise. One major element of the proposal is the power to provide for detection orders. This power would allow authorities to require a platform such as Signal or WhatsApp, to monitor all communications of all users in order to detect the sharing of known and unknown material of child sexual abuse and grooming. A general monitoring obligation, so to say.
In the European Union, proposals are put forward by the European Commission. The representatives of the citizens of the European Union in the European Parliament and the representatives of the governments of the members states in the Council then negotiate about the final text of the legislation.
Here's what the legal services of each of those three institutions thinks about the proposal.
European Parliamentary Research Services (EPRS) of the European Parliament
Quote from the Complementary Impact Assessment on the proposal for a regulation laying down rules to prevent and combat child sexual abuse:
This complementary impact assessment finds:
(1) a number of weaknesses in the European Commission's problem definition, notably it discusses only to a limited extent the challenges posed by end-to-end encryption in the fight against child sexual abuse material online;
(2) that, despite a risk for abuse, technologies to detect known sexual abuse material are accurate, whereas technologies to detect new child sexual abuse material and grooming currently are of substantially lower accuracy and that detection of material in end-to-end-encrypted communication causes risks and vulnerabilities for individuals and society;
(3) that obligations stemming from the proposal for information society services to detect, report and remove from their services new content and grooming would have positive impacts on the protection of children, but at the same time would violate some fundamental rights of users, the prohibition of generalised data retention and general monitoring obligations;
(5) that the new binding obligations stemming from detection orders for providers of information society services to detect, report, and remove child sexual abuse material from their services would likely fail the proportionality test;
(6) that the creation of an EU Agency to prevent and counter child sexual abuse with some functions in Europol and others in an independent organisation under Member State law would be the most cost-efficient option.
Council Legal Service of the Council of the European Union
Quote from Opinion on the proposal for a regulation laying down rules to prevent and combat child sexual abuse:
- The CLS concludes that [...] the regime of the detection order [...] constitutes a particularly serious limitation to the rights to privacy and personal data protection enshrined in [...] the Charter.
- Such regime entails a serious risk of:
- a) not being sufficiently clear, precise and complete [...] and therefore as not being in compliance with the requirement that the limitations to the fundamental rights must be provided for by law;
- b) compromising the essence of the above-mentioned fundamental rights in so far as it would permit generalised access to the content of interpersonal communications, or, in the alternative;
- c) not being in compliance with the proportionality requirement in so far as
- i) it would require the general and indiscriminate screening of the data processed by a specific service provider, and apply without distinction to all the persons using that specific service, without those persons being, even indirectly, in a situation liable to give rise to criminal prosecution;
- ii) it would not concern traffic and location data, but the content of interpersonal communications;
- iii) it would pursue the general objective of fighting child sexual abuse crimes which, although they are serious crimes, do not constitute threats to national security.
- If the Council were to decide to maintain interpersonal communications within the scope of the regime of the detection order, the regime should be targeted in such a way that it applies to persons in respect of whom there are reasonable grounds to believe that they are in some way involved in, committing or have committed a child sexual abuse offence [...]
Regulatory Scrutiny Board of the European Commission
Quote from Opinion on the regulation on detection, removal and reporting of child sexual abuse online [...]:
- However, the report still contains significant shortcomings. The Board gives a positive opinion with reservations because it expects the DG to rectify the following aspects: [...]
- 2) The report is not sufficiently clear on how the options that include the detection of new child sexual abuse material or grooming would respect the prohibition of general monitoring obligations.
- 3) The efficiency and proportionality of the preferred option is not sufficiently demonstrated.