Detecting online child sexual abuse requires strong safeguards

8 Dec 2020 12:11 PM

The Civil Liberties Committee wants safeguards to ensure that tools used to detect and remove online child sexual abuse respect people’s fundamental rights.

The proposed regulation will provide for limited and temporary changes to the rules governing the privacy of electronic communications so that over the top (“OTT”) communication interpersonal services, such as web messaging, voice over Internet Protocol (VoIP), chat and web-based email services, can continue to detect, report and remove child sexual abuse online on a voluntary basis.

The committee adopted its position with 53 votes in favour and 9 against, 2 abstentions. MEPs also backed, with 54 to 10, the decision to enter into interinstitutional talks and the composition of the negotiating team.

MEPs’ conditions on the use of technologies to detect child sexual abuse online

Online material linked to child sexual abuse is detected through specific technologies that scan the content, such as images and text, or traffic data. Hashing technology could be used for images and videos to detect child sex abuse material, and classifiers and artificial intelligence could be used to analyse text or traffic data and detect grooming (“solicitation”). MEPs, while allowing this practice to continue, agreed that this material has to be processed using technologies that are the least intrusive to privacy.

MEPs demand that the technology used should not be able to understand the substance of the content but only detect patterns. The processed data should be analysed by a person before being reported to authorities. Interactions that are covered by professional secrecy, such as between doctors and their patients, journalists and their sources or lawyers and their clients should not be interfered with.

This legislation should not be interpreted as prohibiting or weakening end-to-end encryption, MEPs underline, and this derogation should not be extended to include audio communications.

Data retention

When no online child sexual abuse has been detected, all data have to be erased immediately, say MEPs. Only in confirmed cases can the strictly relevant data be stored for use by law enforcement for a maximum of three months.

Click here for the full press release