The EDPS has issued an Opinion on the proposed Regulation to extend the temporary derogation from certain provisions of the ePrivacy Directive to combat child sexual abuse online. The Regulation would allow providers of certain independent interpersonal communication services to continue to apply specific technologies to private communications in order to detect child sexual abuse material for two more years, whilst negotiations for a long-term Regulation are ongoing.
In its Opinion, the EDPS expresses concern about the aims of this Regulation, which would, in effect, restrict individuals’ fundamental rights to privacy and personal data, including their right to the confidentiality of communications. The EDPS also highlights that the recommendations previously issued in its Opinion on temporary derogations from the ePrivacy Directive 2020 were not fully addressed, further putting individuals at risk.
Wojciech Wiewiórowski, EDPS, said: “Extending the validity of the Regulation on temporary derogations from the ePrivacy Directive is not a formality. It would perpetuate the already-existing risks to individuals’ privacy and their personal data, which should by no means become the norm. This proposed Regulation should not be adopted until the necessary safeguards are put in place”.
The EDPS underscores that, although the use of specific technologies to detect child sexual abuse material would remain voluntary, it is still the EU’ s co-legislators responsibility to put in place measures to ensure that the Regulation complies with the EU’s Charter of Fundamental Rights.
In line with its previously issued recommendations, the EDPS reiterates that the proposed Regulation does not include sufficient and effective safeguards to prevent general and indiscriminate monitoring of private electronic communications. Putting these safeguards in place is important, especially given the high error rates observed with certain technologies used for detecting child sexual abuse materials or child solicitation, such as grooming. The EDPS underscores the significant risk that technologies used to detect child sexual abuse material may flag consensually produced and shared imagery.
Whilst the EDPS fully supports the aim to combat child sexual abuse as a terrible crime, this Regulation is not the solution. The goal of combatting child sexual abuse must be pursued with the necessary safeguards for individuals’ private communications, and, by extension, their fundamental rights to privacy and personal data.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.