On Tuesday 28 May, the Belgian Presidency of the EU Council proposed a new compromise on the draft regulation on the removal of online child sexual abuse material, still hoping for an agreement before the end of June.
Published by the Netzpolitik website, the document sets out the Presidency’s new thinking, which includes limiting the scope of detection orders for this material to video content and photos, excluding audio and text.
The Belgian Presidency has also proposed requiring users’ consent for the material they receive to be ‘scanned’; if they refuse, users of these private messaging services would not be able to download these images or videos.
“To further avoid undue interference with fundamental rights and ensure proportionality, detection orders should cover only images and visual components of videos and URLs, while the detection of audio communication and text should be excluded”, the text proposes.
“As an additional safeguard, the reporting to the EU Centre of potential new child sexual abuse material detected in the service of a provider, should be done in a pseudonymised way, so that the personal data cannot be attributed to a specific data subject. Only after human verification by the EU Centre, the providers should share the report with the EU Centre including the personal data attributable to a data subject”, the Presidency also adds.
Where potential child sexual abuse material “has been flagged in a service twice or once a user has notified the provider about potential new child sexual abuse material within a service, the provider shall report that material to the EU Centre in such a manner that the personal data cannot be attributed to a specific data subject without the use of additional information”, the latest text also states.
With regard to user consent to hardware detection, the text states that “providers should not be obliged to prohibit or make impossible end-to-end encryption. Nonetheless, it is crucial that services employing end-to-end encryption do not inadvertently become secure zones where child sexual abuse material can be shared or disseminated without possible consequences. Therefore, child sexual abuse material should remain detectable in all interpersonal communications services through the application of vetted technologies, when uploaded, under the condition that the users give their explicit consent under the provider’s terms and conditions for a specific functionality being applied to such detection in the respective service”.
Users “not giving their consent should still be able to use that part of the service that does not involve the sending of visual content and URLs”.
According to Netzpolitik, on 24 May the EU Council’s Legal Service again pointed out that the proposal was still illegal. It continues to criticise the very concept of generalised surveillance of communications without any initial suspicion.
It is also critical of the proposal to force users to give consent, which will not be completely free, as the use of certain services will depend on it.
The Member States will discuss the matter on 4 June.
Link to the text: https://aeur.eu/f/ch8 (Original version in French by Solenn Paulic)