The agony and the ecstasy – all in the same day

Child abuse images, Microsoft, Privacy, Regulation, Self-regulation 3 Minutes

Regular readers will recall last year I got very  engaged with discussions on the new e-Privacy Regulation being drawn up in Brussels. They were threatening to outlaw the use of PhotoDNA and similar tools by certain types of electronic communications providers. A network of children’s groups got busy lobbying Member States and we managed to get the matter put on ice until after the EU Elections. Which is where we are now.

Talks on the Regulation have restarted. “Robust discussions” are underway. However, imagine my surprise when, a few weeks ago, I discovered streaking towards us from an obscure geeky corner in left field,  there was this thing called the “European Electronic Communications Code”  due to come into force on 22nd December 2020.  That meant it would have applied in the UK. I  therefore had an immediate parochial as well as a wider reason to be interested.

Here is what Recital 270 of the relevant Directive says (emphasis added)

“In the absence of relevant rules of Union law, content, applications and services are considered to be lawful or harmful in accordance with national substantive and procedural law. It is a task for the Member States, not for providers of electronic communications networks or services, to decide, in accordance with due process, whether content, applications or  services are lawful or  harmful.”

This would have done exactly what we had been trying to avoid in the discussions on the e-Privacy Regulation. In fact I am given to understand it would have done more and worse because the list of qualifying communications to which it would apply was extended. And what do you make of the suggestion that providers of electronic communications networks or services cannot decide if  something is harmful? Nah.  It can’t mean that. Can it?

Because the Directive was due to come into force on 22nd December there was no way matters could be corrected by reverting back to or relying on the renewed e-Privacy Regulation discussions. They just could not be completed in time. It was looking grim.

By default PhotoDNA would have been killed off

In other words, by default on 22nd December across 28 countries, the UK included, voluntary measures being taken by companies since 2010 to protect children would become illegal. Businesses would be no longer allowed to detect, delete and report illegal child sex abuse material. Companies already doing it would have to stop unless and until the legislature of the relevant jurisdiction expressly made it lawful. Companies that were thinking about doing it presumably would just drop the idea.

Up this morning ready for action

A little while ago a much smaller number of us went into action again.  One of the things I was going to do today was write a blog finishing with a clarion call to step up the lobbying, asking for the matter to be raised in national Parliaments and so on. Then this morning a copy of the EU Commission’s new strategy  for a more effective fight against child sexual abuse dropped into my inbox. These magic words caught my eye on pages 4 and 5.

“The Commission considers that it is essential to take immediate action….. It will therefore propose a narrowly-targeted legislative solution with the sole objective of allowing current voluntary activities to continue. This solution would allow the time necessary for the adoption of a new longer-term legal framework.”

I danced a metaphorical jig. So we are not out of the woods but we have some breathing space. It was the agony and the ecstasy all in the same day.

More on the strategy BUT

I will write soon and more extensively about the EU’s new strategy. On a quick skim it looks brilliant. Makes me proud to be an Irish/EU Citizen, (should I change my name to Sean Gluaisteán or will my distinctive Yorkshire accent betray me?).

But here’s the obvious question: how did an idea like that get so far, so near to becoming law, to doing so much damage? Obviously it wasn’t done with the intention of putting children in peril. Some good soul likely stuck it in there for an excellent reason completely unaware of the unintended consequences.

Asleep at the wheel or just no wheel?

Where was the person with the requisite authority, either in Brussels or in a national capital, but probably Brussels, who could spot something like this and be able to step in?  The case for the Commission having a very high level person in the machinery who understands online child protection and child welfare issues is made once again.

And how come no one in the children’s lobby picked up on it sooner? Including me. Actually I know the answer to that. No resources. No bandwidth. I only cottoned on because …. well never mind how I cottoned on. It was just too haphazard and cannot be relied upon.

We need to do much better.

Published by John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), UNODC, the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com

Published