The EU’s strategy for a more effective fight against child sexual abuse

I said in an earlier blog I would write more fully about the announcement last week of the European Commission’ s new strategy for a more effective fight against child sexual abuse. I wrote that when I had only skimmed the document. I have now  read it in full from end to end and I have changed my mind. The reason is obvious. The document, known in Commission parlance as a “Communication”,  is itself a summary and a pretty intense and dense one at that.

It is both brilliant and comprehensive, packed with statistics, references and ideas. It would be ridiculous to try to compress it further. I’m afraid you will just have to read it yourselves. It’s worth the effort. And to be clear the document is categorical that any strategy worthy of the name must recognise that addressing child sexual abuse in the physical environment is every bit as important as and integral to tackling it online.

Internal structures?

If it is light in any area it is in respect of the Commission’s own internal structures and processes. Children’s issues are cross-cutting in nature. The atomised way Commission Directorates operate militates against anyone having a 360 degree overview.

This must change. There needs to be someone close to the very top, supported by an expert team, who can see things early in the policy development process. They should have the  authority to step in and insist that the impact on children is weighed in the balance.

I recently wrote about the near miss with the European Electronic Communications Code but there have been other examples before that.

The example of postal services

I remember ages ago attending an event in Brussels where a Commission official was speaking eloquently about smoothing out inconsistencies in relation to sending goods by post across national boundaries. The purpose of his proposals for a new approach was to stimulate more economic activity between Member States.

In Country A it might cost 2 Euros to send a 1 kilogram package to Country B, the border of which might be only a few kilometres away, yet to make the same trip in reverse it might cost 90 Euros because a border was crossed, or only the same 2 Euros if the identical item went for hundreds of kilometres entirely within the territory. The formalities in Country A might also be very different from those in Country B.

I could see the logic of smoothing out inconsistencies in relation to the higher objective of creating a  single internal market but I pointed out that, in respect of children, not all EU Member States had the same regulatory environment in terms of what children could buy online or consume in the physical world so wasn’t there a risk that, without more, this measure was going to threaten…. you see the point.

The chap was disarmingly frank in his reply. “No one has ever mentioned that before. It’s not the sort of thing we ever think about.” Or words to that effect.

A new European Centre to prevent and counter child sexual abuse

It would be absurd to suggest this was the crowning glory of the Commission document but the importance of creating a new European Centre to focus on child sexual abuse cannot be over-emphasised. Few Member States have the capacity to keep tabs on all the research going on around the world or all the developments that impact on this area of work. There are even fewer that, on the scale required, can initiate research and evaluate outcomes.  This means learning about new and valuable ideas can be a bit haphazard. People on the inside track find out fast. People on the outside track don’t.

This proposed new Centre could change all that. It will be able to strike up partnerships and engage with key players outside the EU. Disseminating information in optimal ways will be a core task.

The Centre should aim to become a global resource working cooperatively with existing and new poles of expertise. There is plenty for everyone to do.

Again a word of caution. For this Centre to be truly effective it must find a way of strengthening the capacity of civil society to participate in its work. There has to be a strong independent voice that will not feel constrained about speaking truth to power because power is tied up in trade talks with a third party nation about whale meat or because it might be uncomfortable to highlight the shortcomings of a prominent partner. When things get cosy they go wrong. But who doesn’t like cosy? Cosy is the new entropy.

Challenges ahead

The Communication contains many references to the Child Sexual Abuse Directive (2011/93) a truly ground-breaking initiative at the time which, if memory serves, was inspired by or grew out of an earlier Communication of some sort. The new Communication acknowledges there have been difficulties in securing full transposition and implementation of the Directive. So much so that it has already initiated infringement proceedings against 23 out of a possible 26 Member States (Denmark is exempt) and, according to footnote 22, in the cases of Ireland, Cyprus and The Netherlands we learn there is a “dialogue on conformity” which is seemingly “ongoing”. 

That means not a single EU Member State to which the Directive applied has, in the view of the Commission, satisfactorily discharged what they think are the obligations imposed by the Directive. Food for a great deal of thought.

Does anyone know of any instances in other areas where everybody has either been proceeded against for non-compliance or become involved in a “dialogue on conformity”?

Posted in Child abuse images, Privacy, Regulation, Self-regulation, Uncategorized

Facebook’s very poor example

I have lost count of the number of times child safety advocates from around the world have got in touch with me because, in relation to something they think is important and urgent locally, they cannot get any response from a big, usually American, company.

Typically these colleagues were from smaller countries – for which read smaller markets – where the company concerned did not have an office or staff. Happily I was often, not always, able to help out and make a connection because I knew senior people in the business either in Europe or on the other side of the pond.

It goes without saying it shouldn’t be like that. But here is a case that takes the proverbial biscuit.  This news report was sent to me by a lawyer friend from South Africa.

Threat of gang rape

Two months ago on Instagram a teenager was threatened with gang rape. Anonymously. Obviously. Sounds like the threats were graphic and detailed. There was reason to believe one of the people behind them attended the same school as the targeted victim. The threat was close to home. It felt immediate.

The police were hopeless.  It would likely take six months to get them to issue a subpoena to discover who the culprits were. Not good enough but equally not an alibi for inaction on the part of Facebook.  With the backing of a rich local philanthropist the victim’s parents instructed lawyers. Here’s where it gets really bizarre.

Facebook’s lawyers cannot accept service of a writ

Nobody disputed the teenager was entitled to receive the information she requested. However, Facebook’s lawyers in South Africa not only said they could not accept service of a writ on behalf of the company, neither would they provide an email address or other information to help the teenager progress her case in a different or more expeditious way.

In the end, thanks again philanthropist, the South African lawyer instructed a Californian lawyer to drive to Facebook’s HQ and on 6th July the necessary papers were physically served under US Federal or Californian processes.

Here is what the South African based lawyer said

“….Facebook Inc has constructed an impenetrable fortress around it which makes it almost impossible for users of Facebook or Instagram to obtain basic subscriber information that would identify the perpetrators of crimes committed on these platforms”.


Posted in E-commerce, Facebook, Regulation, Self-regulation

The agony and the ecstasy – all in the same day

Regular readers will recall last year I got very  engaged with discussions on the new e-Privacy Regulation being drawn up in Brussels. They were threatening to outlaw the use of PhotoDNA and similar tools by certain types of electronic communications providers. A network of children’s groups got busy lobbying Member States and we managed to get the matter put on ice until after the EU Elections. Which is where we are now.

Talks on the Regulation have restarted. “Robust discussions” are underway. However, imagine my surprise when, a few weeks ago, I discovered streaking towards us from an obscure geeky corner in left field,  there was this thing called the “European Electronic Communications Code”  due to come into force on 22nd December 2020.  That meant it would have applied in the UK. I  therefore had an immediate parochial as well as a wider reason to be interested.

Here is what Recital 270 of the relevant Directive says (emphasis added)

“In the absence of relevant rules of Union law, content, applications and services are considered to be lawful or harmful in accordance with national substantive and procedural law. It is a task for the Member States, not for providers of electronic communications networks or services, to decide, in accordance with due process, whether content, applications or  services are lawful or  harmful.”

This would have done exactly what we had been trying to avoid in the discussions on the e-Privacy Regulation. In fact I am given to understand it would have done more and worse because the list of qualifying communications to which it would apply was extended. And what do you make of the suggestion that providers of electronic communications networks or services cannot decide if  something is harmful? Nah.  It can’t mean that. Can it?

Because the Directive was due to come into force on 22nd December there was no way matters could be corrected by reverting back to or relying on the renewed e-Privacy Regulation discussions. They just could not be completed in time. It was looking grim.

By default PhotoDNA would have been killed off

In other words, by default on 22nd December across 28 countries, the UK included, voluntary measures being taken by companies since 2010 to protect children would become illegal. Businesses would be no longer allowed to detect, delete and report illegal child sex abuse material. Companies already doing it would have to stop unless and until the legislature of the relevant jurisdiction expressly made it lawful. Companies that were thinking about doing it presumably would just drop the idea.

Up this morning ready for action

A little while ago a much smaller number of us went into action again.  One of the things I was going to do today was write a blog finishing with a clarion call to step up the lobbying, asking for the matter to be raised in national Parliaments and so on. Then this morning a copy of the EU Commission’s new strategy  for a more effective fight against child sexual abuse dropped into my inbox. These magic words caught my eye on pages 4 and 5.

“The Commission considers that it is essential to take immediate action….. It will therefore propose a narrowly-targeted legislative solution with the sole objective of allowing current voluntary activities to continue. This solution would allow the time necessary for the adoption of a new longer-term legal framework.”

I danced a metaphorical jig. So we are not out of the woods but we have some breathing space. It was the agony and the ecstasy all in the same day.

More on the strategy BUT

I will write soon and more extensively about the EU’s new strategy. On a quick skim it looks brilliant. Makes me proud to be an Irish/EU Citizen, (should I change my name to Sean Gluaisteán or will my distinctive Yorkshire accent betray me?).

But here’s the obvious question: how did an idea like that get so far, so near to becoming law, to doing so much damage? Obviously it wasn’t done with the intention of putting children in peril. Some good soul likely stuck it in there for an excellent reason completely unaware of the unintended consequences.

Asleep at the wheel or just no wheel?

Where was the person with the requisite authority, either in Brussels or in a national capital, but probably Brussels, who could spot something like this and be able to step in?  The case for the Commission having a very high level person in the machinery who understands online child protection and child welfare issues is made once again.

And how come no one in the children’s lobby picked up on it sooner? Including me. Actually I know the answer to that. No resources. No bandwidth. I only cottoned on because …. well never mind how I cottoned on. It was just too haphazard and cannot be relied upon.

We need to do much better.

Posted in Child abuse images, Default settings, Microsoft, Privacy, Regulation, Self-regulation | 1 Comment

Age verification marches on

This week saw the publication of  a report of a conference which I organized with the help of The Reward Foundation. What did we look at?

  • With the enormous advances that have been made in recent years in the field of neuroscience, what new insights do we have about the impact of pornography on the development of the adolescent brain?
  • How is today’s pornography industry  set up and is the content they are producing anything like that of earlier years?
  • How do age verification technologies actually work? Can they preserve the privacy rights of both adults and children?
  • What actually happened in the UK that led to the implementation of its age verification regime for commercial porn sites being delayed?
  • More importantly, what wider learnings are there from the UK experience?
  • Which other countries are moving towards age verification for pornography sites?

Government officials, academics, activists, technologists, educators, researchers and regulators from 29 countries on five continents gathered in a Zoom to exchange experiences and ideas. And plan and plot for the future!

There is no doubt online age verification is an idea whose time has come. In a different guise it was even debated yesterday in the UK’s House of Lords.

I hope you find the report useful and if you want to know more please get in touch with me or The Reward Foundation.

Posted in Age verification, Pornography, Privacy, Regulation, Self-regulation

The Government lost in court today

The Government lost in court today. Yippee! The age verification companies won the right to proceed with a Judicial Review of the Secretary of State’s decision not to proceed with the implementation of age verification. What will the Government do now?

I cannot believe they will want to go through the messy business of disclosure. Why? Because they have nothing to disclose. The decision was taken on political grounds, with no sound basis in policy or research.



Posted in Age verification, Pornography, Regulation, Self-regulation

UK Government in court over age verification

The Government is in court tomorrow over its failure to implement age verification for pornography sites. Fingers crossed.

Posted in Age verification, Pornography, Privacy, Regulation, Self-regulation, Uncategorized

EU’s new policy statement on child sex abuse

The EU is developing a new policy statement ( a “Communication”) on the fight against child sex abuse. Here is a link to my submission.  It’s too long but there is an Appendix which summarises the main recommendations.

Posted in Child abuse images, Regulation, Self-regulation

Are you beyond being shocked?

Do you think you are beyond being shocked? I thought I was too, but I’ve just been reading about the “Kentler Project” . For 30 years the authorities in West Berlin intentionally placed homeless children in the care of known paedophiles. Details are re-emerging in the wake of publicity about an enormous police operation getting underway in Germany, perhaps involving up to 30,000 people drawn from German-speaking communities.

I’m not  sure  the UK’s IICSA Enquiry or the 1997 blockbuster “People Like Us” by Sir William Utting ( which, among other things, looked at how poor management systems had allowed paedophiles to infiltrate children’s homes), can match anything like Kentler but that is not saying much as the Rotherham, Rochdale and other cases remind us.

Posted in Child abuse images, Uncategorized

Business goes where Governments fear to tread

It’s a funny old world.

Governments bang on about the unacceptable nature of some of the stuff that regularly appears on social media. They call on the platforms to do something about it and, immediately, a whole army of predictable voices rise up to claim this presents a terrible danger to free speech. Those elements truly living in a deluded bubble often go a great deal further, suggesting it is all part of a (usually) undisclosed plot by Governments to… know the rest.  You can fill in the dots without my help.

But just look what has been happening in the last week or so and listen to the silence.

Stop Hate for Profit

9 days ago an initiative called “Stop Hate For Profit” launched an appeal to advertisers, asking them to halt further expenditure on Facebook until the end of July. Why? Here are their own, unedited words

“From the monetization of hate speech to discrimination in their algorithms to the proliferation of voter suppression, to the silencing of Black voices, Facebook has refused to take responsibility for hate, bias, and discrimination growing on their platforms.”


Who are some of the moving forces within Stop Hate For Profit? The  NAACP and the Anti-Defamation League  (ADL) are two powerful and highly respectable US civil rights bodies and they have gathered about them several other heavyweight organizations as part of an impressively larger effort sparked by the Black Lives Matter movement in the wake of the murder of George Floyd.

So how are they doing?

Unilever (the largest spender on advertising in the world) has joined Ben & Jerry’s, Verizon and North Face in saying they are withholding their patronage. Today Coca-Cola joined the gang along with Honda and Hershey’s, the largest sweets manufacturer in the USA. According to some reports Twitter is being added to the list of boycotted companies and the period may extend beyond July.

Imagine the intellectual contortions going on in some people’s heads. On the one hand, if you believe in a free market economy in which private companies are at liberty to express their tastes and preferences in terms of how and where they spend their own advertising budgets then none of this is in the least bit worrisome or troubling. But on the other…

Not the arbiter of truth?

Only last month Mark Zuckerberg proclaimed Facebook won’t be the “arbiter of truth”.  This sort of slippery, political language hints at desperation.  It won’t wash. It won’t fool anyone. Everybody knows Plato cashed in his shares and left the company years ago, along with Leibniz and Sir Karl Popper.

Facebook is not conducting a philosophy seminar in Oxford. Facebook is a fully engaged actor. What it does shapes and affects outcomes on the rough hewn streets of our cities and beyond. Facebook cannot be neutral or Olympian when it comes to spreading stuff that kills people. It cannot ignore behaviour which causes injury.

You cannot hold yourself out as being concerned to make the world a better place and at the same time eschew interventions that will actually make the world a better place.

What people expect from Facebook can be stated in plain language.  Common decency. If that is just too difficult for the company’s present management to handle they should make way for a new set of brains and wiser hands.

Yes, the dangers are clear

The dangers of allowing companies to step in and insist on Facebook and others upping their game could threaten diversity as it drags social media platforms back to a comfortable centre.  I have to say, right now, I for one would welcome a bit of that. I am fed up with being forced to worry about edge cases when so much in the middle is wrong.  If anything, what Unilever and others have done is remind everybody why we need internet regulation to be based firmly on clearly stated, public policies which are enforceable by courts not advertisers’ whimsy.

Meanwhile let’s see if Facebook decides if it can, after all, get into a bit of “arbiting”.

Posted in Facebook, Privacy, Regulation, Self-regulation, Uncategorized

Something could be done now?

If you click here you will see a copy of a letter I sent today to Information Commissioner, Elizabeth Denham CBE, the UK’s chief privacy enforcement official.

In the letter I suggest the fact that the Government called a halt to the implementation of Part 3 of the Digital Economy Act 2017, (DEA) appears to have convinced porn companies they can carry on as before for at least another year. Other businesses that engage in the provision of sites, apps or services intended only for adults seem to think they too have been awarded an extended, child-harming holiday.

All of them are mistaken, at least in principle.

My letter is designed to see how far this principle might be able to propel the Commissioner to act to make the internet safer for children sooner.

What was Part 3 about?

There are two fundamental points about Part 3 of the DEA.

First, it only applies to commercial pornography sites.  As already mentioned, there are several other types of adult sites, apps and services which can put children at risk. For them Part 3 is substantially if not wholly irrelevant.

Secondly, reverting to commercial pornography sites, let us recall Part 3’s quite specific purpose. It was intended to create a regulator with powers which would allow it to influence the behaviour of businesses ordinarily outside the reach of UK courts. All the porn sites that matter are based overseas. They have no significant asset base in the UK.

The regulator would be able to bring such sites to heel by attacking their income streams. Ultimately, if necessary, the sites themselves could be blocked.

There has to be another Bill

The DEA said the regulator would be the BBFC. Now it looks like it will be Ofcom but that is contingent upon the Government bringing a Bill to Parliament.

The Government said they will bring a Bill at or around the time they publish their final response to the Online Harms White Paper.  We still have no idea exactly when that will be. Covid and Brexit are set to dominate British politics for ages. However, even if the Bill appears, as promised, “sometime this year”, it likely will not pass until next year,  then the processes of getting a new regime established will begin.

Things could be “speeded up” by the wholesale copying of the BBFC’s work but, assuming the Government remains true to its word, there will be the new powers to integrate vis-a-vis social media platforms. Then there’s privacy. It seems likely there will be changes there as well. Either way we could be looking at 2023 or beyond.

That is completely unacceptable but some people who were focused solely on porn said they weren’t so bothered because once the excellent Age Appropriate Design Code kicks in  the Information Commissioner can go after the sites. A regrettable delay but not a huge one. We can live with it. No.

The Code is not about adult sites, apps or services

The problem is the Code, brilliant and necessary though it is, actually is not concerned with adult sites, apps and services. It follows if the Commissioner can do anything it has to be rooted in the basic law. And if that is the case we do not need to wait until the Code comes into force. The child-harming holiday is cancelled.

Still need Part 3 DEA powers but in the meantime

Obviously, the Commissioner does not have at her disposal the same powers that were going to be given to the BBFC. But if, whether in a letter or as the outcome of a formal investigation, Elizabeth Denham were to make clear that certain sites or classes of apps, sites or services operating without robust measures to restrict children’s access were operating unlawfully, or were likely to be, it may have some beneficial impact. It might shame the owners into acting earlier or cause other businesses on whom they depend to withdraw their services or support.

We can but hope.

PS If you read the letter all the way to the end note the point about perilous and deceptive marketing.

Posted in Advertising, Age verification, E-commerce, Pornography, Regulation, Self-regulation