EU privacy rule would rein in hunt for online child abuse
Privacy concerns in Europe have led to some of the world’s toughest restrictions on companies like Facebook and Google and the ways they monitor people online.
The crackdown has been widely popular, but the regulatory push is now entangled in the global fight against child exploitation, setting off a fierce debate about how far internet companies should be allowed togo when collecting evidence on their platforms of possible crimes against minors.
A rule scheduled to take effect Dec. 20 would inhibit the monitoring of email, messaging apps and other digital services in the European Union. Itwould also restrict the use of software that scans for child sexual abuse imagery and socalled grooming by online predators. The practice would be banned without a court order.
European officials have spent the past several weeks trying to negotiate a deal allowing the detection to continue. But some privacy groups and lawmakers argue that while the criminal activity is abhorrent, scanning for it in personal communications risks violating the privacy rights of Europeans.
“Every time things like these unbelievable crimes are happening, or there is a terrorist attack, it’s very easy to say, ‘We have to be strong, and we have to restrict rights,’ ” said Birgit Sippel, a German member of the European Parliament. “We have tobe very careful.”
Of the more than 52 million photos, videos and other materials related to online child sexual abuse reported between January and September this year, over 2.3 million came from the European Union, according to the U.S. federal clearinghouse for the imagery.
If the regulation took effect, the rate of reports from Europe would drop precipitously, because automated scanning is responsible for nearly all of them. Photo- and video-scanning software uses algorithms to compare users’ content with previously identified abuse imagery. Other software targeted at grooming searches for keywords and phrases known to be used by predators.
Facebook, the most prolific reporter of child sexual abuse imagery worldwide, said it would stop proactive scanning entirely in the EU if the regulation took effect. In an email, Antigone Davis, Facebook’s global head of safety, said the company was “concerned that the new rules as written today would limit our ability to prevent, detect and respond to harm” but said it was “committed to complying with the updated privacy laws.”
There are also concerns among child protection groups that there could be a domino effect — that Facebook and other companies may cease scanning worldwide because they do not have a legal obligation to do so.
“The issue that we’re talking about is global,” said Julie Cordua, the chief executive of Thorn, a company that develops and licenses technologies to defend children from online abuse. “What happens in the EU will have cascading effects around the world.”
Child protection organizations, international law enforcement agencies and U.S. lawmakers have warned that the rule would be a major setback for global efforts to combat the exploitation of children.
“It would be a total failure if during the pandemic and the lockdowns going on in many countries that we should now forbid the detection of grooming,” said Ylva Johansson, a Swedish member of the European Commission with responsibilities for security strategy and terrorism.
Ms. Johansson and other officials are pushing to find a compromise that would allow the scanning to continue for several years, but under a deadline imposed by previous privacy legislation, they would need to settle on a solution by Dec. 20.
“There is this balance between the privacy of the user and the privacy of the child victim,” she said. “The role for politicians is to find the right balance.”
The New York Times reported in 2019 that online child sexual abuse imagery had grown exponential ly in recent yearsand was rampant across the internet, infesting nearly all major platforms. Perpetrators often leverage multiple services, including cloud storage, messaging apps and social media networks. Online video games are another frequent target, with some abusers grooming hundreds and even thousands of victims while they play.
The new restrictions in Europe can be traced to a policy change in 2018 that brought email, some direct messaging and internet services like Facebook, Gmail and Skype under regulations that would prevent companies from monitoring electronic communications. The rule was scheduled to take effect this month to give companies and governments time to prepare.
With the deadline looming, European officials are facing criticism for waiting until the last minute to resolve an issue with broad implications for privacy and child safety.
Whether a compromise can bereached may depend on the debate over grooming-detection software. Last month, Ms. Sippel proposed a competing rule that would allow scanning for photos and videos but ban the grooming software, although it was unclear if she had enough support in Parliament for that position. A committee is to consider the proposal Monday.
Unlike imagery-scanning technology, which is almost 100% accurate in identifying illegal photos and videos, grooming software is right about 90% of the time, according to Hany Farid, a professor atthe University of California, Berkeley, who assisted in the development of both technologies. That means about a 10th of the material flagged by grooming software is not illicit.