Last week the European Parliament passed the ePrivacy Derogation that will allow internet companies to automatically scan all personal messages of every EU citizen for material containing child sex abuse.
The law was voted in by a massive 537 Members of the European Parliament with 133 voting against it and 24 abstaining.
The controversial regulation was meant to be a fix of the European Electronics Communications Code that was approved just last December. According to the European Commission, approximately 4 million images and videos containing child abuse were flagged. However, due to the European Electronics Communications Code which unintentionally barred tech companies from looking into people’s messages, the reported images were far fewer.
In a speech commissioner Yvla Johannson highlighted this huge drop saying, “In a few short months, reports dropped by 53 per cent. Hundreds of cases, going unnoticed every day.”
With this new law though. Internet companies will once again have the power and prerogative to look through users’ messages for anything pertaining to child abuse. They will have the power to detect, remove and also report such content to relevant authorities in the countries they operate in. The law takes effect from this week and will be part of a temporary solution that is supposed to last for three years.
While the law may seem invasive to many citizens, it is reported that data protection agencies will have stronger oversight over the technologies. These companies and the technologies used will of course be subject to GDPR which has been key in preserving digital privacy in the European Union.
All the processing will again be subject to human oversight while any usage of anti-grooming technologies or any new technologies used for detection will require permission from the relevant authorities.
“The agreement is a compromise between detecting child sexual abuse online and protecting users’ privacy. It might not be perfect, but it is a workable, temporary solution for the next three years,” says Birgit Sippel an EU rapporteur in a post.
“We now urgently need the Commission to propose a long-term solution that draws inspiration from the data protection safeguards found in the temporary rules, and which, in addition, makes scanning of private communications more targeted.”
The law would also require that current secure end-to-end encrypted messenger services like Signal or WhatsApp install a backdoor.
As expected, many have opposed the new regulation. A public consultation done by the EU Commission, for instance, found that 51% of all the respondents were opposed to chat control for messaging and email providers. 80% of the respondents also opposed the application of chat control to encrypted messages.
Also, not all Members of the European Parliament were happy with the new directive. Patrick Breyer, German Pirate Party MEP was particularly incensed.
“The adoption of the first ever EU regulation on mass surveillance is a sad day for all those who rely on free and confidential communications and advice, including abuse victims and press sources. The regulation deals a death blow to the confidentiality of digital correspondence. It is a general breach of the dam to permit indiscriminate surveillance of private spaces by corporations – by this totalitarian logic, our post, our smartphones or our bedrooms could also be generally monitored. Unleashing such denunciation machines on us is ineffective, illegal and irresponsible.
Indiscriminate searches will not protect children and even endanger them by exposing their private photos to unknown persons, and by criminalising children themselves. Already overburdened investigators are kept busy with having to sort out thousands of criminally irrelevant messages. The victims of such a terrible crime as child sexual abuse deserve measures that prevent abuse in the first place. The right approach would be, for example, to intensify undercover investigations into child porn rings and reduce of the years-long processing backlogs in searches and evaluations of seized data.“
He plans to take legal action against the regulation and is currently in search of victims of abuse willing to file such a complainant.
The European Data Protection Supervisor (EDPS) and the Council of Europe have also sounded concerns around the new regulations saying that the measures could infringe on the privacy of EU citizens.