Children’s sustained development is a crucial prerogative for a safe and sound future of Europe.
Article 3(3) TEU establishes the objective for the EU to protect and promote the rights of the child (1). Moreover, the EU Charter of Fundamental Rights explicitly establishes an obligation to protect children’s best interests (2). To that end, the fight against child sexual abuse, and children’s rights online, are both priorities on the EU legislative agenda, as confirmed in the 2020 EU strategy (3). This interest unfolds against the background of increasing reports of online child abuse and calls from civil society and children’s rights advocates for more stringent regulation (4). Companies have already taken voluntary steps to address these dangers, partnering with experts and investing in research and development of technologies to identify the indicators of child exploitation online more accurately (5).
On 11 May 2022, the Commission made its proposal for a Regulation laying down rules to prevent and combat online child sexual abuse. (6) The Regulation introduces new detection, monitoring, and reporting obligations for online service providers in relation to child sexual abuse material. Despite its honourable objective, the proposal has become a strong point of contention among political actors and civil society alike, given its severely privacy-intrusive nature. As such, the Commission’s proposal requires providers of hosting and/or interpersonal communication services that have received a detection order to detect the dissemination of child sexual abuse material (7).
The proposal was harshly criticised by both the Parliament and the Council, for failing to sufficiently consider the interference with the right to privacy and the right to data protection that screening of all communications entails. As argued by the Legal Service of the Council, the detection obligation may entail generalised screening of metadata and communications. This is especially contentious, given the CJEU’s jurisprudence, whereas Case C-293/12 Digital Rights Ireland prohibits generalised access to the content of electronic communications (8). According to that ruling, widespread acquisition and retention of data on the content of electronic communications of private users amounts to a grave interference with the right to privacy, that is bound to adversely affect the essence of that right (9). Moreover, such access would entail a de facto weakening, if not prohibition, of end-to-end encryption and other cybersecurity measures.
In the European Parliament, the amendments proposed by the LIBE committee expand the scope of the proposed legislative act to include online search engines (10). Moreover, they explicitly prohibit the weakening of end-to-end encryption and call for detection orders as a last resort measure, introducing targeted monitoring obligations to avoid generalised monitoring (11). However, even targeted monitoring represents a serious interference with the right to privacy, which therefore requires a careful balancing of the interests involved.
Given the contentious nature of this proposal, its adoption has been long delayed, as its fine details are still the subject of strong debates between the various stakeholders and institutions. However, it appears that the legislative process has been reignited, following the European Parliament’s agreement to the draft in late 2023. At Spark, we are closely monitoring the progress of this legislative proposal, as well as carefully assessing the ultimate balance that is being struck between privacy and children’s rights. As such, we look forward to the final version of this proposal!
(1) Consolidated version of the Treaty on European Union [2012] OJ C326/13, article 3(3).
(2) Charter of Fundamental Rights of the European Union [2012] OJ C326/02, article 24.
(3) European Commission, ‘EU strategy for a more effective fight against child sexual abuse’ COM(2020) 607 final.
(4) UNICEF, ‘Ending Online Child Sexual Exploitation’ (2021), https://www.unicef.org/media/113731/file/Ending%20Online%20Sexual%20Exploitation%20and%20Abuse.pdf
(5) For example, the Technology Coalition represents one of the biggest voluntary consortium of tech companies working together to address the issue of online child sexual exploitation and abuse: https://www.technologycoalition.org/.
(6) European Commission, ‘Proposal for a Regulation of the European Parliament and of the Council laying down Rules to Prevent and Combat Child Sexual Abuse’ COM(2022) 209 final.
(7) ibid Article 10.
(8) Case C-293/12 Digital Rights Ireland EU:C:2014:238.
(9) ibid paragraph 39.
(10) Committee on Civil Liberties, Justice and Home Affairs, ‘Report on the on the proposal for a regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse’ COM(2022)0209 – C9-0174/2022, Amendment 117.
(11) ibid Amendments 83 and 168.
