The European Commission’s plan to combat child sexual abuse material online is already raising privacy concerns.
The proposal would allow courts in the EU to require companies to detect child sexual abuse material and grooming of children online, according to documents seen by Bloomberg.
Privacy advocates and lawmakers are already raising alarm bells about the proposal ahead of its publication on Wednesday, arguing that it would allow companies spy on people using the internet.
Jan Penfrat at the European Digital Rights group posted on Twitter that the proposal looks like a “shameful” surveillance law “entirely unfitting for any free democracy.”
If the commission “got away with this proposal, the privacy of digital correspondence would be dead,” Moritz Körner, a German member of the European Parliament, said in a statement after a leaked draft began to circulate. “Private companies would be forced to play police, spy on their customers and report them to the state.”
Action against sexual abuse material has long been controversial due to privacy concerns. Apple Inc. halted plans last year to detect child sexual abuse images on users’ devices after concern that the moves would harm encryption.
With the EU’s proposal, lead by Commissioner Ylva Johansson, sites with users younger than 18 will have to conduct risk assessments for how they are detecting child pornography and the solicitation of children. These reports will be sent to a new European agency equivalent to the U.S.’s National Center for Missing and Exploited Children that will work alongside Europol. Politico previously reported on the plans.
Johansson knows that the commission is gearing up for a fight with privacy advocates worried about the curtailing of privacy online and creating a backdoor for law enforcement to access encrypted messages.
“The attitude that I sometimes hear is that we have to choose between privacy for adults, or protecting children, and I will never accept that black or white,” Johansson said in January.
National authorities can ask a court to order a company to specifically remove or block this material on their site.
The European courts can also require internet providers to block a web address if they cannot specifically remove the material. Companies, who can appeal these orders, also may be required to install technology that can detect the child sexual abuse material, according to the proposal that isn’t public yet.
The rules will apply to messaging apps that use end-to-end encryption, which is an “important tool to guarantee the security and confidentiality of the communication of users, including those of children,” the proposal said. Companies should ensure the “safeguard measures” do not undermine user’s security and privacy.
Hosting platforms and messaging services need to take action against child pornography and grooming children. This can include age verification to confirm children use their services, change how the service operates or increase supervision of the services. Companies will also be able to work with other tech companies and civil society groups to monitor the material, according to the proposal.
Similarly, software companies will also have to detect and take action to ensure their products aren’t at risk of being used to groom children.
Action taken by companies must be “targeted and proportionate” and consider how the measures will impact the “fundamental rights” of users, according to the drafts.
Victims of sexual abuse material can also work with the EU center to have material depicting them taken down.
©2022 Bloomberg L.P.