11 May – With the publication of a proposal to prevent and combat child sexual abuse, alongside the new European Strategy for a Better Internet for Kids, the European Union sends a clear message to EU citizens and across the world: children’s rights need to be protected both offline and online. Only a few weeks after the adoption of the Digital Services Act, which significantly revises the obligations placed on digital service providers with regards all users in the EU, this Child Rights package of measures provides specific, targeted, and comprehensive protections for children.
Together with other child right’s organisations, ECPAT has been calling on the European Union (EU) to adopt a legislative framework, proportionate and future-proof, to mandate technology to be safely used to detect child sexual exploitation and abuse materials. EU citizens across continent have already expressed widespread support (68 %) for the use of tools to identify child sexual abuse materials, and for the EU to introduce long-term legislation that will keep children safe online. In a recent survey conducted in partnership with our member Defence for Children – ECPAT Netherlands, the message was clear: the public wants action to keep children safe, and they see automated tools as the answer. (You can read more on the report delivered by YouGov here).
“children’s rights need to be protected both offline and online.”
The proposal for a Regulation establishes the legal basis upon which existing tools and techniques can be used to proactively protect children. This is an important acknowledgement of the fact that a range of advanced technology tools, that protect children online, already exist and have worked for many years. From Google to Apple, more than 200 companies, use PhotoDNA to prevent their services from being used to spread child sexual abuse material. However, this number pales in comparison to the number of companies operating online. This disparity is largely because, there are currently no legal duties to use, report, or assess how companies use them. Meanwhile, the number of reports of online child sexual exploitation in Europe has risen from 23 000 in 2010 to more than 1 million in 2020, with over 3 million images and videos. Europe has become the largest host of child sexual abuse material (CSAM) in the world, with over 60 % of such material.
With the publication of a proposal to prevent and combat child sexual abuse, alongside the new European Strategy for a Better Internet for Kids, the European Commission is finally responding to these concerns, providing clear obligations for all companies and introducing much needed safeguards to avoid any misuse of the technology, and to ensure the privacy of adult and child end users. The proposed Regulation builds upon a foundation of voluntary actions not by replacing it, but by formalising and expanding it while including safeguards, transparency and accountability obligations.
Under the new Regulation, online service providers offering services in the EU will have a general obligation to assess the risk of their services being misused for online child sexual abuse, and adopt mitigation measures. For instance, installing safe and responsive reporting channels for users could mitigate illegal use of their platforms.
However, if despite mitigations measures being put in place, evidence of significant risks of the service being misused persists, national courts or independent authorities could issue an obligation to detect child sexual abuse. This detection order needs to establish that the risk of abuse outweighs the negative consequences of a detection order, over the rights of all the parties affected, such as the right to privacy and security of all users, including children. Providers, including providers of end-to-end encryption messaging apps, would need to execute the orders by installing and operating technologies. Such technologies are subject to certain safeguards, including being assessed by the European Data Protection Board and not being able to extract any other information than what is strictly necessary to detect the abuse. Detection orders will be limited in time. Providers as well as any user affected will have the right to effective redress, including challenging the detection order. The obligation to detect would cover known or new child sexual abuse material as well as the solicitation of children (‘grooming’), allowing companies to disrupt harm at an early stage.
“The protection and empowerment of children and young people in digital environments is becoming the rule, not the exception.”
When providers become aware of potential online child sexual abuse on their service, be it via technology or users’ reports, they would have the obligation to report and remove it. The legislation also includes the obligation for app stores to prevent children from downloading apps that present a high risk for grooming.
Among other key features, there will be formal support and redress mechanisms for victims of child sexual abuse. Victims have the right to know when, where and how their images are shared, and what action has been taken. And they will have access to support services through Member State and EU mechanisms.
The proposal responds to a large gap in the existing ecosystem of child protection bodies, with the establishment of an EU Centre to prevent and counter child sexual abuse. The Centre will be a fully independent EU agency with close ties to Europol for the purposes of data sharing. It will provide assistance to victims and operational support to online service providers. The Centre will work in collaboration with public-private partners such as the INHOPE network as well as civil society – a cooperation that ECPAT hopes to be fully utilised to ensure a strong dialogue on the challenges and best practices to prevent and end child sexual abuse and exploitation.
And lastly, the regulation also imposes data collection and transparency reporting obligations on online service providers, national coordinating authorities and the EU Centre.
While there are many details to unpack in the coming days and weeks, one thing seems clear: citizens and child rights organisations have strong cause to be optimistic in the belief that the tide is turning against the digital wild west. Protection and empowerment of children and young people in digital environments is becoming the rule, not the exception. As the negotiations with the European Parliament and Council on the proposal start up, ECPAT will continue to engage with the general public, governments, civil society organisations and companies to turn this legislative process into tangible outcomes for child protection online.
Learn more about ECPAT’s Project Beacon aiming to put children’s rights at the heart of European Union’s digital policies.