Outside glass view of RPC building.
  1. Home >
  2. Snapshots >
  3. Technology/Digital >
  4. >
  5. Reduced scanning obligations proposed for interpersonal communications services

SHARE:

Reduced scanning obligations proposed for interpersonal communications services

Published on 13 December 2023

What are the consequences of the recent amendments to the EU’s draft legislation to combat Child Sexual Abuse Material (CSAM) on private messaging companies?

The question

What are the consequences of the recent amendments to the EU’s draft legislation to combat Child Sexual Abuse Material (CSAM) on private messaging companies?

The key takeaway

The proposed version of the law narrows obligations on interpersonal communication services, such as webmail messaging services and internet telephony, to scan their services. It introduces targeted detection through judicially backed time-limited orders and excludes end-to-end encryption from the scope of the detection orders.

The background

On 11 May 2022, the European Commission adopted a proposal for a new law to prevent and combat child abuse, as part of a greater collective EU action to tackle child sexual abuse material online. The Commission proposal would require internet providers to assess whether there is an important risk of their services being misused for online child sexual abuse and to take appropriate steps to mitigate these risks. The proposal has been subject to contentious debate, due to concerns regarding privacy and security. 

The development

On 14 November 2023, lawmakers at the European Parliament agreed on a series of amendments to the draft legislation in an attempt to strike the right balance between protecting children and protecting privacy. The draft Parliament position is currently pending endorsement by the plenary.

To avoid blanket scanning of messages, the amended position proposed targeted detection for CSAM, through the introduction of time-limited orders that judicial authorities could issue to digital messaging providers for detection and take-down of CSAM.

The Parliament position further specifies that the orders must be issued as a last resort, where mitigation measures are not effective and if there is “reasonable grounds of suspicion a link […] with child sexual abuse material”.

Importantly, the amendments also ensure that end-to-end encrypted private message services fall outside the scope of the detection orders.

Why is this important?

Under the draft position, private messaging services will face narrower obligations with relation to interpersonal communications, which is essential to safeguard end-to-end encryption of user’s communications. The amendments also ensure that online service providers are not made subject to general obligations to monitor the data that they transmit or store for their users.

Any practical tips?

Practical steps for platforms to consider taking include:

  • conducting risk assessments to identify whether and to what extent their services are likely to be misused for online child sexual abuse
  • reviewing their existing technologies and considering how they can establish processes and systems to ensure compliance with the safeguards foreseen by the law
  • considering whether they will be regulated by the Online Safety Act and, if so, assess any intersection between their obligations under the Online Safety Act and the draft CSAM proposal. 

Winter 2023