Competition between technology companies can be very fierce and gaining early market share is deeply important to commercial success. This may also create incentives for technology companies to make their service or platform as easy to access as possible.
From the earliest stages in the design and development cycle of a product or service, companies should be required to anticipate how children might come to harm should they use it and to build in safeguards to prevent such harm occurring. Safety by design and privacy by default must be the new standard. At the point of first use the device or service should automatically be set to the maximum safety and privacy settings. This assumes all users are children and/or otherwise vulnerable.
Additionally, when a company has verified that a user is a child, these settings should remain activated to a level according to the age and maturity of the child. For example, it may be appropriate and necessary for older adolescents to choose what they can and cannot see, according to the terms of service of the company and assuming they are not using the service in a parental control environment.
Safety and privacy should not be opt-in settings. Parents and children should not have to jump through hoops to get the best possible protection. Applying a ‘safety first’ approach is a practical and crucial step to keeping children safe online.
Since we wrote this article, there have been inevitably developments in terms of EU law and policy that tackle child sexual exploitation and abuse. On 14 July 2021, the temporary derogation to the E-Privacy Directive was published in the official journal of the EU . This directive maintains the status quo for what concerns the proactive use of technology to detect CSAM by online service providers in the EU. The E-privacy Directive has a timeline of three years, and it is essential that longer-term legislation to tackle online child sexual abuse and exploitation is introduced by 13 July 2024.
For this reason, since 2021, ECPAT International is advocating, through Project Beacon, to ensure child protection from sexual abuse and exploitation within the European Digital Services Act that is going to be finalised between April and May 2022- Additionally, Project Beacon advocates for a more comprehensive EU Strategy for a more effective fight against child sexual abuse.
ECPAT continues to work in close partnership with organisations across the EU and globally to advocate for child protection in digital environments. This means leveraging and sharing collective expertise, networks, and voices. ECPAT believes that protecting children from exploitation and abuse online is both possible and essential, and will continue to fight for the best outcomes for children in all relevant EU and international processes.
 Regulation (EU) 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse.
Why does it matter? Follow us on Twitter here to learn more and share your thoughts using the hashtag #ProjectBeacon.