ECPAT International, along with more than 50 other child rights NGOs from across the European Union, have sent a letter to EU President Jean-Claude Juncker asking for the EU to amend the wording of the proposed changes to the EU online privacy laws, so that specialist software that tracks child sexual abuse imagery can still be permitted to operate. Unless changed, the proposed regulation threatens to undermine efforts by governments, law enforcement agencies, NGOs and others that have been fighting this crime for years in collaboration with the private sector.
The draft Regulation on Privacy and Electronic Communications (e-Privacy Regulation) is currently under consideration in Brussels, and in a letter to EU President Juncker, Vice President Ansip, and the Austrian Presidency of the EU, we have warned that the new rules in their current form are likely to seriously endanger the safety and well-being of children. The proposed regulation will make it difficult for businesses to deploy software that detects this kind of material in online traffic – so it can be flagged and removed – and we are asking EU ministers for a specific exemption so that this type of technology can still legally operate.
“Technology, such as Microsoft PhotoDNA are currently used by businesses and network providers across the EU. These programmes enable businesses to locate child sex abuse imagery on their systems so it can be reported to appropriate authorities, such as law enforcement, and deleted from servers. In the last few years, this technology has found and removed tens of millions of images, thwarting offenders and preventing the re-victimization of children. The draft regulation threatens to withdraw the permissible use of this successful technology and further imperil the victims of this crime,” says Robbert van den Berg, Executive Director of ECPAT.
Many EU businesses currently use PhotoDNA and similar software on a voluntary basis to rid their networks of child sex abuse material. However, this will change if the new e-Privacy Regulation is adopted. The regulation is due to go before an EU ministerial meeting for discussion on 3 and 4 December. The letter to EU President Juncker cautions:
“It is way beyond the capacity of law enforcement agencies to address the volumes now circulating online. Police in all parts of the world have therefore repeatedly called on the private sector to do more to help, and they are committed to and playing their role. Deploying applications like PhotoDNA is exactly the kind of thing they have in mind. Yet the e-Privacy Regulation appears to threaten this wholly beneficial status quo. We are at a loss to understand why the EU feels it is necessary to step-in and disrupt effective and established practices which self-evidently work so well.”
In October Facebook indicated that in the third quarter of this year, PhotoDNA and comparable products helped it identify 8.7 million images that breached its child nudity policy and most of this content was removed before anyone even saw it. In the past, Google has also indicated that 99 percent of all the illegal content it removed from its services had first been identified using this technology. Similarly, the US based National Center for Missing and Exploited Children recently said it is on track to receive more than 20 million reports of illegal child sex abuse images by the end of 2018, with the overwhelming majority of that imagery detected because of technology companies’ use of PhotoDNA. Indeed, PhotoDNA has helped or will help find some 99 percent of this material.
However, the use of PhotoDNA and similar software would be banned in the EU under the proposed new ePrivacy Regulation. If these new rules are passed, customers would have to be asked for ‘consent’ before certain types of information can be accessed by service providers – an unworkable prospect in the context of illegal child sexual abuse imagery. John Carr, senior advisor to ECPAT, says:
“It is ridiculous to imagine that child sex offenders would be willing to give their consent to being monitored. Adopting this regulation would be a huge gaffe for children’s rights. I’m sure the drafters did not intend to outlaw, reduce or limit the scope for companies to deploy these tools to identify child sex abuse material. We need to put this right.”
The proposed laws would affect all EU Member States unless they individually decide to derogate from the new rules, which ECPAT says would inevitably lead to a patchwork of national laws. John Carr continues:
“This makes no sense at all when dealing with international platforms. The current arrangements are working well. They should leave them alone. I suspect that the current sloppy wording in the proposed regulation was written by someone who did not think it through. Any confusion surrounding the use of PhotoDNA and similar technology could be rapidly and easily cleared up.”
The regulation (the full name of which is: Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC”) is intended to apply to all businesses providing online communication services that use online tracking technologies, or that engage in electronic direct marketing. It would repeal a previous directive from 2002 and is meant to complement the recently passed General Data Protection Regulation.