Two European authorities are responsible for the protection of personal data recently warned Brussels. In a report published on Friday 29 July, the European Data Protection Supervisor and the European Data Protection Board expressed concern about “risks” for privacy, which will include a draft regulation of the European Commission, which makes it possible to oblige a platform or an online messaging system to identify pedophile content.
Presented in May, this project focuses on the fight against child pornography, will establish a “European Center for Combating the Sexual Exploitation of Children” and will require large online platforms to “measure the dangers of distributing child pornography or soliciting sexual behavior”remove illegal content immediately and report all found child pornography content.
Openly criticized in recent months by privacy NGOs, the boss of WhatsApp – Will Cathcart – and other technology companies, it is now up to the European equivalent of the CNIL to publicly reject this regulation. In question, a provision within it plans to impose a scan of all messages, including encrypted ones, to detect any content of child pornography – child sexual abuse material (CSAM), in English – and take appropriate action, if necessary.
Measures considered “highly worrisome”
The European text thus gives a “Target detection obligation”, which will force the services of major platforms to remove content reported to a national authority. So companies should “Deploy non-intrusive technologies as much as possible, in accordance with the law and existing technologies, and should limit false positive rates as much as possible.”
A statement that is not very clear, according to its detractors, for whom the text creates a conflicting mandate between the monitoring of messages exchanged and respect for privacy. “Proposed measures to identify children’s requests in the context of interpersonal communication services [messageries] very worried”judges the European Data Protection Supervisor, Wojciech Wiewiorowski.
These concerns are consistent with those expressed in particular in Germany, which has warned against monitoring encrypted messages, such as WhatsApp. For German Pirate Party MEP Patrick Breyer, “Blocking instant messages would be equivalent to asking La Poste to open and read all mail”. This is “a step towards Chinese-style state surveillance”he added in a press release.
A possible risk for the right to respect for private life
“While supporting the aims and objectives behind this proposal”the European Data Protection Board and the European Data Protection Supervisor (EDPS) “express their serious concerns about the impact of the planned measures on privacy and personal data”.
According to these European authorities, “there is a risk that the proposal will provide a general and indiscriminate analysis of the content of almost any type of electronic communication”. So it calls for a “clarification” the conditions under which detection injunctions may be addressed to service providers.
“The use of technologies (…) such as artificial intelligence tends to generate errors and represents a high level of intrusion into the privacy of individuals”. [Dès lors le] The text may pose more danger to individuals, and by extension to society as a whole, than to criminals. »
The European Commission defends itself
European Commissioner for Home Affairs Ylva Johansson defended her draft regulation in the face of criticism in a blog post in early July. He remembered that any detection was framed by safeguards, “targeted and time limited”. A new European center is responsible for checking that content is not falsely reported before being sent to the police.
“No innocent image will end up in police databases”, assured the Swedish commissioner. Ylva Johansson also added that the detection of child pornography images is already done on a voluntary basis on platforms, such as Facebook and Twitter, or messaging services, such as Gmail. The proposed regulation must be negotiated by the European Parliament and the Council, which represents the Member States.