On Monday 16 February, the European Data Protection Supervisor, Wojciech Wiewiórowski, issued a critical opinion on the proposed extension of the derogation from the ePrivacy Directive, which aims to detect online paedophile content using communications scanning technologies (see EUROPE 13796/11).
In the absence of agreement on the Child Sexual Abuse Regulation (CSAR), the European Commission wishes to maintain this transitional regime to avoid a legal vacuum after 3 April 2026, when the current derogation is due to expire.
While he recognises the importance of combating the dissemination of such material, Mr Wiewiórowski believes that this proposal presents “the right time and opportunity for the co-legislators to address some of the key shortcomings” of the current text.
The Supervisor deplores the lack of a clear legal basis for the derogation, more specifically under the General Data Protection Regulation (GDPR), which could affect suppliers. He considers that “the general, indiscriminate and automated analysis of all text-based communications (...) does not respect the principle of necessity and proportionality”. In his view, such a method is “excessive” and entails a risk of “substantial degradation of confidentiality” of communications.
Mr Wiewiórowski warns that any “mere extension without steps and measures to ensure the effectiveness of existing and new safeguards remains highly problematic”. He therefore urges a strict definition of the data processed in order to prevent mass surveillance.
Full opinion: https://aeur.eu/f/krl (Original version in French by Justine Manaud)