The European Data Protection Board (EDPB) has issued a statement concerning the recently adopted Proposal for a Regulation to prevent and combat child sexual abuse online that was circulated on 13 February 2024. This statement is a privacy-rights-oriented assessment of right alignment with privacy and data protection and also provides areas needing further attention.
Background and Introduction
In May 2022, the European Commission posted new regulations that will tackle online child sexual abuse.This proposal consists of the commitments for service providers to search, remove, and report child sexual abuse material (CSAM) as well as grooming activities, and a central EU agency to overwatch and cooperate. While endorsing the stand of the EDPB and EDPS that the online child sexual abuse deserves to be fought against, the data protection agreements between the Member States are criticized for the infringement of privacy and data protection rights in case the said proposal is put in effect.
Key Concerns and Recommendations
The EDPB acknowledged that the European Parliament proposed some changes in the original plan, that are aimed at excluding the encrypted communications from the detection orders. However, the Board highlighted several unresolved issues:However, the Board highlighted several unresolved issues:
- 1. Indiscriminate Monitoring: The new directives are not directly responding to the concerns of the EDPB connected with the massive and indiscriminate interception of private correspondence. It highlights the fact that measures should be more precise (so that they do not offend the rights of the people).
- 2. Detection Orders for New CSAM: The EPDP has reservation about issuing orders to use technologies for detecting new CSAM based on these systems’ error rates. Besides this, such actions could cause the accusers of the innocent people and may also constitute privacy issues.
- 3. Ambiguity and Legal Uncertainty: The text described in the Parliament is confusing, for instance, there is more information on the recovery orders regulations. The EDPB stresses the point that the detecting moments must be clearer and have unambiguous definitions in order to ensure that the efforts are really targeted at those possibly involved in the production or dissemination of CSAM and will not affect anyone suspected of the activities.
- 4. Risk to Encryption: The EDPB reinforces the fact that the end-to-end encryption is one of the most vital methods for securing the privacy of communications. Measures to weaken encryption could devastate digital services.
Call to the Public
Despite the welcomed improvement from the European Parliament’s position, the EDPB asks the legislators to look into the concerns that still persist in a more comprehensive manner. The Board underlines the importance of creating an implementable text, which is concrete, unambiguous and fully respectful of fundamental rights, like privacy, data protection, and the rights of children and vulnerable persons.
The EDPB’s statement points out how delicate this balance is when protecting the children from exploitation online and safeguarding the fundamental rights of privacy and data protection. With the legislative process still ongoing, the need is to make sure the rules are made which hold the balance between individual rights and freedom on the one hand and address the problem at hand efficiently on the other.