On Monday 10 October, the European Commissioner for Home Affairs, Ylva Johansson, tried to convince the members of the European Parliament’s Committee on Civil Liberties of the merits of her proposal for a regulation on the removal of child pornography content online (see EUROPE 12950/5).
Faced with MEPs who were quite reserved or sceptical about the scope of the regulation, the Commissioner also promised that her legislation would be as strict as possible and as respectful as possible of privacy provisions.
Above all, she urged MEPs to act quickly, threatening a legal vacuum in as early as August 2024, when the current derogation to the ‘e-privacy’ regulation temporarily obliging companies to detect such content expires.
“Without new legislation, it will no longer be possible for companies to detect content or attempts to solicit” children online for sexual purposes, she repeatedly warned.
The regulation proposed in May will require providers and hosts of interpersonal communication services to carry out risk assessments, possibly apply mitigating measures, and report to competent authorities designated by the Member States. These providers will have to scrutinise the circulation of photos or videos, already identified in the past or newly produced, but also to monitor the practices of soliciting sexual services.
It will then be up to these authorities to decide, on the basis of these assessments, whether the risk is great enough to issue a mandatory detection and subsequent blocking or removal order to the company concerned or its representative in the Member State concerned.
An intermediate step will be to create a European centre dedicated to the fight against the distribution of child pornography online, which will evaluate the technology chosen by the company to carry out this content monitoring and will sort out false positives - a real problem according to Sophie in 't Veld (Renew Europe, Dutch) - and real detections of child pornography that should be reported to the law enforcement authorities.
For Ylva Johansson, the regulation therefore contains all the necessary safeguards and does not impose anything on companies in terms of the technologies they choose. Nor does the Regulation require encryption to be tackled, although the Commissioner called on companies “not to rule anything out”.
These companies will also be able to consult the personal data protection authorities and judicial supervision is also planned, she added in defence.
While the rapporteur on the report, Spain’s Javier Zarzalejos (EPP), “would have liked to see these proposals come sooner”, he welcomed the creation of the European centre, which will also work with the US, Canada and Australia.
Its report will focus on four main areas: the scope of the regulation, the choice of detection technologies, the safeguards and procedures for initiating a detection order, and the establishment of the centre.
Asked about the fears of companies like Facebook that they would be forced to infringe on the fundamental rights of their users, the commissioner acknowledged that companies in the sector “are all against the proposal”, with Ylva Johansson explaining that this was because “they don't want a regulation”.
German Greens/EFA MEP Patrick Breyer said the regulation would open the door to widespread surveillance of all private communications; mass surveillance that is only found in “dictatorships” such as “China”.
The Commissioner dismissed this claim and referred to the opinion of the European Union Agency for Fundamental Rights, saying that the regulation “does not impinge on these rights”, and that it is up to legislators to “find the right balance”.
German MEP Birgit Sippel (S&D), for her part, deplored the fact that the proposal does not make it possible to raise children’s awareness of the risks of the digital world.
The Commissioner also took the opportunity to announce that a revision of the general directive on combating sexual abuse of children will be proposed in 2023. (Original version in French by Solenn Paulic)