A lot has been happening on the e-Privacy Regulation. Mostly it has been good news so I have not been issuing further clarion calls for more lobbying. I hope I have not been naïve but I think our joint work has been helping get things on the right track.
Here is a link to the latest text. It was considered at a meeting yesterday.
If you look at the new Article 6 (1)(d) (on page 52 of the pdf), you will see a specific carve out has now been created to allow for measures to detect “child pornography” although there is a bit immediately following it, the status of which I am not entirely clear about. It says the service provider may not ” analyze the actual communications content and shall not store any copies of that content”.
I think I know what they are trying to get at. The drafters, rightly, don’t want the deployment of PhotoDNA or similar tools to be used as a way, intentionally or otherwise, of harvesting and keeping additional or new commercially valuable data about the end user. Arguably that is implied by other, overriding, privacy laws, although I guess there is no harm repeating it.
However, it is impossible to use PhotoDNA or similar hash matching systems without already having a copy of the hash in your possession and in many countries e.g. the USA, it is also a legal requirement to report illegal content to the appropriate authorities. That implies an obligation to have at least momentary possession or storage of it.
I know a hash, technically, is not itself illegal content, but it would nevertheless be good to remove any possible ambiguities.
The Recital will also need tidying up to stay consistent with the new wording of the Articles. The Articles represent the law, whereas the Recitals do not. Even so it is better for them to be fully aligned.
So I think we are moving forward although it never does any harm to let your Government’s representative know you are continuing to follow the file.
Watch this space.
Desiderata 