The European Council and Parliament have reached an interim agreement on a temporary measure to allow providers of electronic communications services, such as web-based email and messaging services, to continue to detect, remove and report child sexual abuse online until permanent legislation announced by the European Commission is in place.
Protecting children against any form of violence or abuse is paramount for the EU. According to Portuguese Minister of State for the Economy and Digital Transition, Pedro Siza Vieira, they have agreed on effective and enforceable temporary rules to ensure that the activities of detecting, removing and reporting illegal material that certain electronic service providers carry out, purely on a voluntary basis, can continue, and the perpetrators can be caught and prosecuted.
In December 2020, the European Electronic Communications Code (EECC) entered into application, bringing with it a new definition of electronic communications services. This definition encompasses ‘number-independent interpersonal communications services’ (NI-ICS), which includes messaging services.
Some NI-ICS providers have been using specific technologies to detect child sexual abuse material on their services in order to remove and report it to law enforcement authorities for criminal prosecution.
As the ePrivacy directive of 2002, which ensures the confidentiality of communications and personal data in the electronic communications sector, relies on the definition of electronic communications services in the Code, NI-ICS are now subject to the confidentiality rules of the ePrivacy directive rather than those of the General Data Protection Regulation (GDPR). In contrast to the GDPR, the ePrivacy directive does not contain a legal basis for the voluntary processing of content or traffic data for the purpose of detecting child sexual abuse. Therefore, for services falling within the scope of the ePrivacy directive, a specific derogation is needed so that these valuable practices can continue.
The agreement provides for a derogation to articles 5.1 and 6.1 of the ePrivacy directive to allow providers to continue to detect, remove and report child sexual abuse material, and apply anti-grooming technologies. The Charter of Fundamental Rights and the GDPR will continue to apply in any case, and a number of extra safeguards will guarantee that privacy online is respected.
The Commission has announced that it will propose overarching legislation to tackle child sexual abuse online by the second quarter of 2021. That legislation will aim to provide a long-term solution to replace this temporary measure.
The interim regulation will apply for three years or until an earlier date if the permanent legal instrument is adopted by the legislators and repeals these temporary rules before then.