The proposal would allow courts in the EU to require companies to detect child sexual abuse material and grooming of children online and while this seems fair enough, it will technically mean that you are allowing private companies to spy on all their users.
Jan Penfrat at the European Digital Rights group posted on Twitter that the proposal looks like a “shameful” surveillance law “entirely unfitting for any free democracy.”
If the commission “got away with this proposal, the privacy of digital correspondence would be dead,” Moritz Körner, a German member of the European Parliament, said in a statement after a leaked draft began to circulate. “Private companies would be forced to play police, spy on their customers and report them to the state.”
Action against sexual abuse material has long been controversial due to privacy concerns. Even Apple halted plans last year to detect child sexual abuse images on users’ devices.
With the EU’s proposal, led by Commissioner Ylva Johansson, sites with users younger than 18 will have to conduct risk assessments for how they are detecting child pornography and the solicitation of children. These reports will be sent to a new European agency equivalent to the U.S.’s National Center for Missing and Exploited Children that will work alongside Europol. Politico previously reported on the plans.
Johansson knows that the commission is gearing up for a fight with privacy advocates worried about the curtailing of privacy online and creating a backdoor for law enforcement to access encrypted messages.
“The attitude that I sometimes hear is that we have to choose between privacy for adults, or protecting children, and I will never accept that [as being] black or white,” Johansson said.
The law said that national authorities can ask a court to order a company to specifically remove or block this material on their site.
The European courts can require internet providers to block a web address if they cannot specifically remove the material. Companies can appeal these orders and will be required to install technology that can detect child sexual abuse material.
The rules will apply to messaging apps that use end-to-end encryption, which is an “important tool to guarantee the security and confidentiality of the communication of users, including those of children. Companies should ensure the “safeguard measures” do not undermine user’s security and privacy.
Hosting platforms and messaging services need to take action against child pornography and grooming children. This can include age verification to confirm children use their services, change how the service operates or increase supervision of the services. Companies will also be able to work with other tech companies and civil society groups to monitor the material, according to the proposal.
Similarly, software companies will also have to detect and take action to ensure their products aren’t at risk of being used to groom children.
Action taken by companies must be “targeted and proportionate” and consider how the measures will impact the “fundamental rights” of users, according to the drafts.