Rachele Ceraulo also contributed to this report.
On 12 June, CDT Europe and the UN Human Rights Regional Office for Europe held an expert seminar, Towards a meaningful solution: A rights-based approach to combatting child sexual abuse material online, which brought together a wide array of experts to discuss technical and legal solutions to better align the EU’s legislative proposal to address child sexual abuse with international human rights standards. The meeting was held under Chatham House Rules.
The European Commission published its proposal for a “Regulation laying down rules to prevent and combat child sexual abuse” (the Regulation) on 11 May 2022, with the aim to create new monitoring and reporting obligations for companies in relation to child sexual abuse material online. While this attempt to address the heinous crime of child sexual abuse is welcome, further work is needed to come up with solutions to enable the Regulation to ensure a high standard of child protection, whilst fully respecting the right to privacy and data protection as enshrined in both European and international human rights law. This was the starting point for the seminar.
In the spirit of finding meaningful solutions to key challenges posed by the Regulation, the event brought together, at the UN House in Brussels, representatives from member states and EU institutions, child rights and digital rights organisations, public interest technologists, and academics from across the ecosystem.
The roundtable was opened by Peggy Hicks, Director at UN Human Rights, who stressed that it was imperative, from a human rights perspective, to find effective ways to protect children from abuse and exploitation. Building on that common understanding, she reminded participants that there will not be sustainable solutions without closely looking at the consequences of any measures taken on rights. Director Hicks recalled the 2022 OHCHR Report on “The right to privacy in the digital age” and highlighted key recommendations for governments to explicitly protect the privacy and security of communications by using encryption technologies.
She also recalled that any interference with encryption must be subject to strict oversight by an independent judicial body and authorised on a case-by-case basis, targeting individuals if strictly necessary for investigations of serious crimes or threats to public safety or national security. Director Hicks specifically addressed the question of client-side scanning, when messages are scanned on a user’s device before they are encrypted and information about what is in the message is transmitted to a third party. Director Hicks reiterated the position stated in the Privacy Report, that client-side scanning is akin to breaking end-to-end encryption, and raises all of the same human rights concerns.
The Legality Test
The first session, moderated by CDT Europe Director Iverna McGowan, delved into the question of the legality of the proposal, assessing its conformity with existing EU law on content moderation and data protection, and evaluating the criteria of necessity and proportionality in the context of scanning for online child sexual abuse. During the event, experts highlighted the need for legislative efforts in this area to strike a careful balance between state obligations to protect children and the need for measures to be effective, necessary, and proportionate in achieving their intended objective. Particular challenges were raised with regard to the legality of the current proposal given that it was deemed by the academic experts present to fall foul of the EU’s prohibition on general monitoring. Furthermore, careful consideration is needed relating to the privacy of the rights of the child. For instance, there are no safeguards in the proposal for the consensual exchange of sexual images between young people. Furthermore, GDPR Art 22, the right to object to an automated decision that may have a substantial or legal effect, is not currently adequately addressed.
Challenges of Technology
The next session related to the technical feasibility of proposed measures, specifically on the efficacy and shortcomings of scanning technologies and the human rights and security risks associated with efforts to undermine the security of communications. Several speakers talked about the need to clearly identify specific policy objectives and to craft responses to those objectives. For example, there is a need to be specific about different instances of abuse, and the type of policy and legal responses that would be most effective in responding to that particular challenge.
Strong concerns were raised about the accuracy and effectiveness of current detection technologies, and the grave consequences that both false positives and false negatives can have. On one hand, real cases can be missed due to over-reporting and incorrect categorisation and on the other hand, people can be mistakenly identified as engaging in the sexual abuse of children.
Finally, many experts acknowledged the importance of encryption both for young people and children as well as for a plethora of other actors, particularly journalists and human rights defenders. The impact of encryption varies greatly depending on a child’s needs. There were many comments regarding how children’s agency has been missing from the debate, and a recommendation to make more efforts to proactively involve children and youth group representatives in discussions on the file and its implications. It is essential that the perspective of young people and children be properly heard in this debate.
Participants paved the way for further exploration in identifying concrete ways forward to ensure that the technological and legal aspects of the Regulation align with international human rights law, and considerations of the rights of the child and young people in particular.