Great news for children coming out of Brussels

Last night in Brussels it was announced that a political agreement had been reached on the interim derogation. In plain English what that means is, pretty much immediately, we can go back to the position we all thought we were in on 19th December 2020 (the day before the new, bad e-Privacy law kicked in).

The suspension is operative for up to three years, during which time we will all need to roll up our sleeves to formulate a longer-term framework. Watch this space.

Thus, the EU has paved the way to allow companies to recommence scanning messaging platforms for child sexual abuse material, grooming behaviour and the use of “classifiers” to detect images not yet determined to be child sexual abuse material but likely to be.

This is a great outcome. A huge pat on the back is due to everyone who had a hand in it. It reflects the enormous amount of work done by many MEPs, Commissioners, Commission staff, children’s groups and child advocacy organizations across the world.

If I have drawn one major conclusion from this whole unfortunate episode it is this: children’s groups and children’s advocates need to engage more closely with privacy lawyers in particular and privacy activists in general.

I share many of the privacy community’s concerns and worries – I think we all do – but a handful of ideologically motivated individuals with a talent for catching media headlines, showed they are not above resorting to outright lies and misinformation to achieve their desired end. In a world bedevilled with often quite intimidating legal and technical language, in a world of zero trust in Silicon Valley and declining trust in Governments, many people, too many people, fell for the scaremongering propaganda.

We cannot let that happen again. We need to find new and better ways to improve public and the media’s understanding of the issues because from that will flow a more grounded and sustainable understanding by policy makers.  Watch this space.

I won’t repeat everything in the Commission’s press release but here’s a first, quick look at the detail of last night’s announcement

  1. The definition of what constitutes qualifying child sexual abuse material or activities is explicitly aligned with the 2011 Directive.
  2. Companies and organizations need to have an appeals mechanism to cater for potentially erroneous decisions. It would be strange if they didn’t already but hey.
  3. There needs to be “human oversight” of the processing of personal data. Potentially problematic given the scale on which the systems operate on larger platforms but it depends how one defines “human oversight”. Expressly there is no requirement for prior authorization before reports can be made or illegal content is taken down.
  4. The tech used needs to be the least privacy intrusive.  That should already be the case.
  5. Companies and organizations need to consult data protection authorities on how they work in this area and the European Data Protection Board will issue guidelines to assist the data protection authorities. Fine, as along as these guys stop thinking along tram lines and learn how to speak in a language the majority of us can understand. They should embrace a mission to explain and heighten public understanding of privacy and not allow themselves to be manipulated into a position where they become identified in the public mind as enemies of common sense who provide shelter to criminals who harm children (and others).
  6. A public register will be established of public interest organizations with which online service providers can share personal data. Sounds OK.  Presumably it will be aligned with the GDPR and changes in Europol’s mandate.
  7. Annual transparency and accountability reports will be required. Hugely important but it cannot be left to companies to mark their own homework. Proportionality will be important here, as it is everywhere else, but so is the idea that everyone can have confidence that the transparency and accountability reports speak the relevant truth and nothing but the relevant truth. I am too polite to repeat the story about how you grow mushrooms.

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Child abuse images, Default settings, E-commerce, Facebook, Google, ICANN, Internet governance, Privacy, Regulation, Self-regulation. Bookmark the permalink.