The European Commission has laid the first stone of its new strategy against child pornography (see EUROPE 12535/1). On Thursday 10 September, it presented a regulation allowing online communication services to derogate from the privacy rules contained in the e-Privacy Directive.
The 12-page document, which has yet to be approved by the EU Parliament and Council, allows online communication service providers to continue to detect and report child sexual abuse content on a voluntary basis. It will apply temporarily up to the latest 2025, while the EU adopts more permanent rules which the Commission plans to present by the second quarter of 2021 at the latest.
The European Commission justifies this proposal, which has not been the subject of an impact study, by invoking the entry into force of the new Electronic Communications Code, which will have the effect of bringing messaging services such as Gmail, Skype, WhatsApp or Messenger within the scope of the e-Privacy Directive 2002/58. However, this directive does not contain an explicit legal basis for the voluntary processing of data in the context of the fight against child pornography, the European Commission points out.
The Commission states that the new Regulation limits the processing of data “to what is necessary for the purpose of detecting and reporting suspicious cases” (derogation from Articles 5(1) and 6 of the e-Privacy Directive , i.e. the articles related to the confidentiality of communications and traffic data).
But these apparent good intentions do not reassure organisations defending rights and freedoms on the Internet, who fear that this approach will lead to mass surveillance and the prohibition of encryption. See the draft regulation: https://bit.ly/3m4NbE1 (Original version in French by Sophie Petitjean)