Fighting sexual abuse of children: Commission welcomes political agreement on interim rules for voluntary detection measures by online service providers

The Commission welcomes today’s political agreement between the European Parliament and the Council on the proposed interim legislation regarding the detection of child sexual abuse online by communications services. This legal adjustment was urgently needed to give certain online communications services such as webmail and messaging services legal certainty in their voluntary measures to detect and report child sexual abuse online and to remove child sexual abuse material, as such services fell under the e-Privacy Directive as of 21 December 2020. The new Regulation will provide guarantees to safeguard privacy and protection of personal data. The voluntary measures play an important role in enabling the identification and rescue of victims and reducing the further dissemination of child sexual abuse material, and contribute to the identification and investigation of offenders as well as the prevention of offences.

The rules agreed today have a narrow scope: they will create a temporary and strictly limited derogation concerning the voluntary detection activities of the online communication services. The main elements of today’s agreement include:

  • A definition of child sexual abuse online in line with the existing EU rules on child sexual abuse, including content constituting child sexual abuse material and solicitation of children.
  • Complaint mechanisms so that content that has been removed erroneously can be reinstated as soon as possible.
  • Human oversight for any processing of personal data including, where necessary, human confirmation before reporting to law enforcement authorities or organisations acting in the public interest.
  • Guarantees to protect privacy: Service providers will have to ensure that the technologies they use to detect child sexual abuse online are the least privacy-intrusive.
  • Data protection safeguards: Service providers will have to consult with data protection authorities on their processing to detect and report child sexual abuse online and remove child sexual abuse material. The European Data Protection Board will also be asked to publish guidelines to assist the relevant authorities in assessing compliance with the General Data Protection Regulation of the processing in scope of the agreed Regulation.
  • The Commission will have to establish a public register of organisations acting in the public interest against child sexual abuse, with which providers of online communications services can share personal data resulting from the voluntary measures.
  • Transparency and accountability to be supported by annual transparency reports.
  • A 3-year limit on the application of the Regulation, allowing time for the adoption of long-term legislation in this area.

Next steps

The Regulation must now be formally adopted by the European Parliament and the Council.

This interim Regulation will cease to apply at the latest 3 years from its application. As announced in the EU Strategy for a more effective fight against child sexual abuse and in the Commission Work Programme for 2021, the Commission will propose later this year new comprehensive legislation with detailed safeguards to fight child sexual abuse online and offline. These long-term rules will be intended to replace the interim legislation agreed today.

Members of the College said: 

Executive Vice-President for a Europe fit for the digital age, Margrethe Vestager said: “Today’s agreement helps to make the Internet safer for children, which is one of our priorities. The temporary derogation in the Regulation agreed today provides legal clarity on voluntary actions to detect, report and remove child sexual abuse. Both for users and providers of online communications services. At the same time, the legislation contains the necessary safeguards regarding the protection of fundamental rights of users.”

Commissioner for the Internal Market, Thierry Breton, said: “Protecting our children online as we do offline is our priority. Today’s agreement fills the legal gap to allow lawful voluntary practices by online communications services, like webmail and messaging services, to combat child sexual abuse in their services. These practices have to comply with the GDPR and the safeguards and conditions set out in the Regulation agreed today. The European Electronics Communication Code and the ePrivacy Directive continue to apply to all other activities of these providers and scanning of emails or messaging services for profiling remains banned.” 

Commissioner for Home Affairs, Ylva Johansson, said: “When service providers voluntarily detect, report and remove child sexual abuse online, they help children, not just by preventing the traumatic circulation of imagery of their abuse, but also in real time, rescuing them from a situation of ongoing abuse. The drop in reporting we witnessed in recent months means that children continued to suffer unnoticed. Today’s agreement gives the necessary legal certainty for companies to continue to detect and report the abuse of children, with strong safeguards. I am working on proposals for long-term rules in this area.”

Background 

As announced in the EU Strategy for a more effective fight against child sexual abuse, the Commission proposed in September last year an interim legislation to ensure that providers of certain online communications services, like webmail or messaging services, can continue their voluntary measures to detect and report child sexual abuse online and to remove child sexual abuse material beyond 21 December 2020, when these providers fell within the scope of the e-Privacy Directive due to the modernised definitions in the European Electronic Communications Code. The e-Privacy Directive does not contain an explicit legal basis for voluntary processing of content or traffic data for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material. The proposed interim legislation creates a temporary and strictly limited derogation enabling those providers to maintain their activities to detect and report child sexual abuse online and remove child sexual abuse material on their services.

For More Information 

Proposal for a Regulation on the processing of personal and other data for the purpose of combatting child sexual abuse, 10 September 2020

EU Strategy for a more effective fight against child sexual abuse, 24 July 2020