EU plan to fight online child abuse boosts chances for e-privacy bill deal

An EU proposal to allow WhatsApp, Skype, Viber and other services to continue screening for child-abuse images and messages could help ease negotiations on draft bloc-wide rules to keep communications confidential over networks.

EU governments have failed to reach an accord in the last three and half years of negotiations on the proposed e-privacy regulation. The draft bill has been bogged down over intractable disputes over EU rules covering cookies, behavioral advertising, and whether telecom companies can collect data from users' mobile phones without their prior consent so they can offer new data-driven services.

At one point in the past two years, discussions became testy when a draft text suggested that messaging services could no longer use software to detect online child sexual exploitation.

Germany — which is steering talks between EU governments until the end of the year — aims to reach a “general approach” on the bill before the end of the year so that negotiations can start with the European Parliament. Negotiators are still waiting for a revised text, which had been expected at the beginning of September.

National representatives are thus relieved that one very contentious issue — measures allowing online communication services to fight child sexual abuse — is no longer a topic of discussion and a potential barrier to reaching a deal.

That’s because the European Commission last week proposed a regulation to allow messaging services to continue voluntarily screening for illegal images and text used for “grooming,” when abusers make an emotional connection with a child victim that leads to sexual abuse.

The commission said it’s “essential” for EU governments to approve the regulation because the entry in force on Dec. 21 of EU telecom rules means that Internet-based communications services will lose their legal standing to voluntarily conduct these scans.

Messaging services will fall under the scope of the current e-privacy directive, which doesn’t contain a legal basis to process traffic data to detect child sexual abuse. Unless EU governments’ national laws allow for exemptions of confidentiality, the messaging services would have to stop their cooperation with law enforcement.

The EU's proposed regulation would solve that problem. If it becomes law, the regulation would extend the confidentiality exemption under the e-privacy directive to allow the services to carry on with their screening.

This is something the commission is keen to get done, particularly as there has been a spike in the trafficking of child sexual abuse images since the Covid-19 pandemic began in March, Europol said in a July 19 press release.

Diplomats admit that the e-privacy regulation talks are so fraught with debates over the secrecy of communications that removing a difficult and emotive issue such as fighting child sexual abuse will help them focus on getting over the finish line.

Negotiators recall that two years ago, child advocacy groups were outraged that a draft e-privacy text would have stopped messaging services from using Microsoft’s PhotoDNA and similar software to remove child sex abuse material from their networks.

End-to-end encryption

Instead of going over a new e-privacy text during a meeting on Tuesday, diplomats had a general discussion on the commission’s proposal for an “interim” regulation on combating online child abuse.

The discussion also touched on the commission’s plans for a longer-term legislative roadmap to fight child abuse, which will be issued in early 2021. That regulation will put in place mandatory measures to detect and report child sexual abuse and will replace the interim regulation.

While the interim proposal will defuse tensions and allow diplomats to focus on other e-privacy issues, the commission will eventually have to return to the controversial topic of how to tackle messaging services that use end-to-end encryption, which is abused by criminals to spread child sexual abuse content.

Privacy advocates were unnerved by a discussion paper brought up at Tuesday’s meeting that provided several alternatives for how services could still be screened for child-abuse text and images even if they use end-to-end encryption, such as WhatsApp.  They worry that forcing companies to install “back doors” in their services will undermine privacy rights.

For the moment, diplomats now have two goals: quickly approve the child-abuse measure before the end of the year, and make progress on e-privacy. An agreement on the former will certainly boost chances of a breakthrough in the latter.