REPORT on the proposal for a regulation of the European Parliament and of the Council on a temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards as the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

11.12.2020 - (COM(2020)0568 – C9‑0288/2020 – 2020/0259(COD)) - ***I

Committee on Civil Liberties, Justice and Home Affairs
Rapporteur: Birgit Sippel


Procedure : 2020/0259(COD)
Document stages in plenary
Document selected :  
A9-0258/2020
Texts tabled :
A9-0258/2020
Texts adopted :

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION

on the proposal for a regulation of the European Parliament and of the Council on the temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards as the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

(COM(2020)0568 – C9‑0288/2020 – 2020/0259(COD))

(Ordinary legislative procedure: first reading)

The European Parliament,

 having regard to the Commission proposal to Parliament and the Council (COM(2020)0568),

 having regard to Article 294(2) and Article 16(2) and 114(1) of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C9‑0288/2020),

 having regard to Article 294(3) of the Treaty on the Functioning of the European Union,

 having regard to the opinion of the European Economic and Social Committee of 29 October 2020[1],

 having regard to Rule 59 of its Rules of Procedure,

 having regard to the opinion of the Committee on Women's Rights and Gender Equality,

 having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs (A9-0258/2020),

1. Adopts its position at first reading hereinafter set out;

2. Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;

3. Instructs its President to forward its position to the Council, the Commission and the national parliaments.

 

Amendment  1

Proposal for a regulation

Title

 

Text proposed by the Commission

Amendment

on a temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

on a temporary restriction of certain rights and obligations under Directive 2002/58/EC of the European Parliament and of the Council as regards the use of specific technologies by number-independent interpersonal communications service providers for the processing of personal data for the purpose of combatting online child sexual abuse

Amendment  2

Proposal for a regulation

Recital 2

 

Text proposed by the Commission

Amendment

(2) Directive 2002/58/EC applies to the processing of personal data in connection with the provision of publicly available electronic communication services. The definition of electronic communication service is currently to be found in Article 2, point (c), of Directive 2002/21/EC of the European Parliament and of the Council4. Directive (EU) 2018/1972 of the European Parliament and of the Council5 repeals Directive 2002/21/EC with effect from 21 December 2020. From that date, the definition of electronic communications services will be replaced by a new definition, in Article 2(4) of Directive (EU) 2018/1972, which includes number-independent interpersonal communications services as defined in Article 2(7) of that Directive. Those services, which include, for example, voice over IP, messaging and web-based e-mail services, will therefore fall within the scope of Directive 2002/58/EC, as of 21 December 2020.

(2) Directive 2002/58/EC applies to the processing of personal data in connection with the provision of publicly available electronic communication services. Up until 21 December 2020, the definition of electronic communication service set out in Article 2, point (c), of Directive 2002/21/EC of the European Parliament and of the Council4 applied. On that date, Directive (EU) 2018/1972 of the European Parliament and of the Council5 repealed Directive 2002/21/EC. The definition of electronic communications services in Article 2(4) of Directive (EU) 2018/1972 includes number-independent interpersonal communications services as defined in Article 2(7) of that Directive. Those services, which include, for example, voice over IP, messaging and web-based e-mail services, have therefore been within the scope of Directive 2002/58/EC, as of 21 December 2020.

Amendment  3

Proposal for a regulation

Recital 3

 

Text proposed by the Commission

Amendment

(3) In accordance with Article 6(1) of the Treaty on European Union, the Union recognises the rights, freedoms and principles set out in the Charter of Fundamental Rights of the European Union. Article 7 of the Charter of Fundamental Rights of the European Union (“the Charter”) protects the fundamental right of everyone to the respect for his or her private and family life, home and communications, which includes the confidentiality of communications. Article 8 of the Charter contains the right to protection of personal data. Article 24(2) of the Charter provides that, in all actions relating to children, whether taken by public authorities or private institutions, the child’s best interests must be a primary consideration.

(3) In accordance with Article 6(1) of the Treaty on European Union, the Union recognises the rights, freedoms and principles set out in the Charter of Fundamental Rights of the European Union. Article 7 of the Charter of Fundamental Rights of the European Union (“the Charter”) protects the fundamental right of everyone to the respect for his or her private and family life, home and communications, which includes the confidentiality of communications. Article 8 of the Charter contains the right to protection of personal data. Article 3(1) of the 1989 United Nations Convention on the Rights of the Child ("UNCRC") and Article 24(2) of the Charter provide that, in all actions relating to children, whether taken by public authorities or private institutions, the child’s best interests must be a primary consideration. Articles 3(3) of the UNCRC and 24(1) of the Charter furthermore evoke the right of children to protection and care as is necessary for their well-being.

Amendment  4

Proposal for a regulation

Recital 4

 

Text proposed by the Commission

Amendment

(4) Sexual abuse and sexual exploitation of children constitute serious violations of human rights, in particular of the rights of children to be protected from all forms of violence, abuse and neglect, maltreatment or exploitation, including sexual abuse, as provided for by the 1989 United Nations Convention on the Rights of the Child and by the Charter. Digitisation has brought about many benefits for society and the economy, but also challenges including an increase of child sexual abuse online. The protection of children online is one of the Union's priorities. On 24 July 2020, the Commission adopted an EU strategy for a more effective fight against child sexual abuse6 (“the Strategy”), which aims to provide an effective response, at Union level, to the crime of child sexual abuse.

(4) The protection of children is one of the Union's priorities. Sexual abuse and sexual exploitation of children constitute serious violations of human and fundamental rights, in particular of the rights of children to be protected from all forms of violence, abuse and neglect, maltreatment or exploitation, including sexual abuse, as provided for by the 1989 United Nations Convention on the Rights of the Child and by the Charter. Digitisation has brought about many benefits for society and the economy, but also challenges including an increase of online child sexual abuse resulting from broader access to potential victims and a sharp rise in the exchange of online child sexual abuse material. Online child sexual abuse material is based on actual abuse in the offline world, where most abuses are committed by persons belonging to the family or being close to it.

_________________

_________________

6 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, EU strategy for a more effective fight against child sexual abuse, 24.7.2020 COM(2020) 607 final.

 

Amendment  5

Proposal for a regulation

Recital 4 a

 

Text proposed by the Commission

Amendment

 

(4a) Teenagers have the right to discover their sexual identity in a safe and private environment. The rise in reported numbers of online child sexual abuse material is also partially due to the emerging practice of teenagers who, in the development of their sexual identity and experiences, take explicit pictures of videos of themselves and send them to peers, or share such material without a sexual motivation. In addition, the age of sexual consent differs across Member States. If users have reached the age of sexual consent under national law, no reporting on solicitation of children should not be reported to law enforcement authorities

Amendment  6

Proposal for a regulation

Recital 5

 

Text proposed by the Commission

Amendment

(5) Certain providers of number-independent interpersonal communications services, such as webmail and messaging services, are already using specific technologies to detect and report child sexual abuse online to law enforcement authorities and to  organisations acting in the public interest against child sexual abuse, or to remove child sexual abuse material, on a voluntary basis. Those organisations refer to national hotlines for reporting child sexual abuse material, as well as to organisations whose purpose is to reduce child sexual exploitation, and prevent child victimisation, located both within the Union and in third countries.  Collectively, those voluntary activities play a valuable role in enabling the identification and rescue of victims, and reducing the further dissemination of child sexual abuse material, while also contributing to the identification and investigation of offenders, and the prevention of child sexual abuse offences.

(5) Certain providers of number-independent interpersonal communications services, such as webmail and messaging services, are already using specific technologies, to detect online child sexual abuse on their services and report it to law enforcement authorities and to organisations acting in the public interest against child sexual abuse on a voluntary basis, by scanning either the content, such as images and text, or the traffic data of communications using, in some instances, historical data. The technology used for these activities could be hashing technology for images and videos and classifiers and artificial intelligence for analysing text or traffic data. The providers refer to national hotlines for reporting online child sexual abuse material, as well as to organisations whose purpose is to identify children and reduce child sexual exploitation and sexual abuse, and prevent child victimisation, located both within the Union and in third countries, in particular the National Center for Missing and Exploited Children (NCMEC) in the United States. Such organisations usually do not fall within the scope of Regulation (EU) 2016/679. Collectively, such voluntary activities play a valuable role in enabling the identification and rescue of victims, whose fundamental rights to human dignity and to physical and mental integrity are severely violated, and reducing the further dissemination of online child sexual abuse material, while also contributing to the identification and investigation of offenders, and the prevention, detection,  investigation and prosecution of child sexual abuse offences.

Amendment  7

Proposal for a regulation

Recital 5 a

 

Text proposed by the Commission

Amendment

 

(5a) Notwithstanding their legitimate objective, these activities constitute an interference with the fundamental rights to respect for private and family life and protection of personal data of the individuals concerned, namely all users, potential offenders and victims. Any limitation to the fundamental right to respect for private and family life, including the confidentiality of communications, cannot be justified merely on the ground that certain technologies were previously deployed when the services concerned did not, from a legal perspective, constitute electronic communications services. Such interference is only possible under certain conditions. It needs to be provided for by law, respect the essence of the rights to private and family life and to the protection of personal data and, in compliance with the principle of proportionality, be necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others as enshrined in Article 52 (1) of the Charter. Where such measures permanently involve a general and indiscriminate monitoring and analysis of communications of all users, they violate the right to confidentiality of communications, as the Court of Justice has ruled in the joined Cases C-511/18, C-512/18 and C-520/18 - La Quadrature et al.1a and in joined cases C-293/12 – Digital Rights Ireland and C-594/12 – Seitlinger1b.

 

_________________

 

1a  ECLI:EU:C:2020:791.

 

1b ECLI:EU:C:2014:238

Amendment  8

Proposal for a regulation

Recital 6

 

Text proposed by the Commission

Amendment

(6) Until 20 December 2020, the processing of personal data by providers of number-independent interpersonal communications services by means of voluntary measures for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material is governed by Regulation (EU) 2016/679.

(6) The processing of personal data by providers of number-independent interpersonal communications services by means of voluntary measures for the purpose of detecting and reporting online child sexual abuse and removing online child sexual abuse material is governed by Regulation (EU) 2016/679. Directive (EU) 2018/1972 does not have a direct effect on providers of number-independent interpersonal communications services.

Amendment  9

Proposal for a regulation

Recital 7

 

Text proposed by the Commission

Amendment

(7) Directive 2002/58/EC does not contain any specific provisions concerning the processing of personal and other data in connection with the provision of electronic communication services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material. However, pursuant to Article 15(1) of Directive 2002/58/EC, Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in, inter alia, Articles 5 and 6 of that Directive, which concern confidentiality of communications and traffic data, for the purpose of prevention, investigation, detection and prosecution of criminal offences linked to child sexual abuse. In the absence of such legislative measures, and pending the adoption of a new longer-term legal framework to tackle child sexual abuse effectively at Union level as announced in the Strategy, there would be no legal basis for providers of number-independent interpersonal communications services to continue to detect and report child sexual abuse online and remove child sexual abuse material in their services beyond 21 December 2020.

(7) Directive 2002/58/EC does not contain any specific provisions concerning the processing of personal data in connection with the provision of electronic communication services for the purpose of detecting and reporting online child sexual abuse and removing child sexual abuse material. However, pursuant to Article 15(1) of Directive 2002/58/EC, Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in, inter alia, Articles 5 and 6 of that Directive, which concern the confidentiality of communications and traffic data, for the purpose of prevention, investigation, detection and prosecution of criminal offences linked to child sexual abuse. In the absence of such national legislative measures and pending the adoption of a longer-term legal framework to tackle child sexual abuse at Union level, those voluntary measures of providers of number-independent interpersonal communications services can no longer rely on Article 6 of Regulation (EU) 2016/679 to continue to detect and report online child sexual abuse on and remove online child sexual abuse material from their services beyond 21 December 2020. This Regulation does not provide for the processing of personal data by number-independent interpersonal communications services for the sole purpose of detecting and reporting online child sexual abuse and removing online child sexual abuse material from their services, but it provides for a restriction of certain rights and obligations laid down in Directive 2002/58/EC. It also lays down additional safeguards to be respected by the providers of number-independent interpersonal communication services if they wish to rely on this Regulation.

Amendment  10

Proposal for a regulation

Recital 7 a

 

Text proposed by the Commission

Amendment

 

(7a) The processing of images and videos for the purposes of this Regulation should always be considered to constitute processing of special categories of personal data, under Article 9 of Regulation (EU) 2016/679 because images and videos are biometric data that are processed through a specific technical means allowing the unique identification or authentication of a natural person.

Amendment  11

Proposal for a regulation

Recital 8

 

Text proposed by the Commission

Amendment

(8) This Regulation therefore provides for a temporary derogation from Article 5(1) and Article 6 of Directive 2002/58/EC, which protect the confidentiality of communications and traffic data. Since Directive 2002/58/EC was adopted on the basis of Article 114 of the Treaty on the Functioning of the European Union, it is appropriate to adopt this Regulation on the same legal basis. Moreover, not all Member States have adopted legislative measures at national level to restrict the scope of the rights and obligations provided for in those provisions in accordance with Article 15(1) of Directive 2002/58/EC, and the adoption of such measures involves a significant risk of fragmentation likely to negatively affect the internal market.

(8) This Regulation therefore provides for a temporary restriction of Articles 5(1) and Article 6 (1) of Directive 2002/58/EC, which protect the confidentiality of communications and traffic data. Voluntary measures applied by providers offering number-independent interpersonal communications services in the Union for the sole purpose of detecting and reporting online child sexual abuse and detecting, removing and reporting online child sexual abuse material therefore become subject to the safeguards and conditions set out in this Regulation as well as in Regulation (EU) 2016/679.  Since Directive 2002/58/EC was adopted on the basis of Article 114 of the Treaty on the Functioning of the European Union, it is appropriate to adopt this Regulation on the same legal basis. Where Member States adopt legislative measures at national level to restrict the scope of the rights and obligations provided for in those provisions in accordance with Article 15(1) of Directive 2002/58/EC they should respect Regulation (EU) 2016/679, in particular Article 23 thereof.

Amendment  12

Proposal for a regulation

Recital 9

 

Text proposed by the Commission

Amendment

(9) Given that electronic communications involving natural persons will normally qualify as personal data, this Regulation should also be based on Article 16 of the Treaty, which provides a specific legal basis for the adoption of rules relating to the protection of individuals with regard to the processing of personal data by Union institutions and by the Member States when carrying out activities which fall within the scope of Union law, and rules relating to the free movement of such data.

(9) Given that data related to electronic communications involving natural persons will always qualify as personal data, this Regulation should also be based on Article 16 of the Treaty on the Functioning of the European Union, which provides a specific legal basis for the adoption of rules relating to the protection of individuals with regard to the processing of personal data by Union institutions and by the Member States when carrying out activities which fall within the scope of Union law, and rules relating to the free movement of such data.

Amendment  13

Proposal for a regulation

Recital 10

 

Text proposed by the Commission

Amendment

(10) To the extent that processing of personal data in connection with the provision of electronic communications services by number-independent interpersonal communications services for the sole purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material falls within the scope of the derogation provided for by this Regulation, Regulation (EU) 2016/679 applies to such processing, including the requirement to carry out an assessment of the impact of the envisaged processing operations where appropriate pursuant to Article 35 of that Regulation prior to the deployment of the technologies concerned.

(10) To the extent that processing of personal data in connection with the provision of electronic communications services by number-independent interpersonal communications services for the sole purpose of detecting and reporting online child sexual abuse and removing online child sexual abuse material falls within the scope of the restriction provided for by this Regulation, Regulation (EU) 2016/679 applies to such processing, including but not limited to, its provisions on principles relating to the processing of personal data (Article 5), lawfulness of processing (Article 6), processing of special categories of personal data (Article 9), restrictions (Article 23), the security of processing (Article 32), transfers of personal data to third countries or international organisations (Chapter V), independent supervisory authorities (Chapter VI), cooperation and consistency (Chapter VII) and remedies, liability and penalties (Chapter VIII), as well as the requirement to carry out an assessment of the impact of the envisaged processing operations pursuant to Article 35 of that Regulation prior to the deployment of any technologies concerned and the requirement pursuant to Article 36 thereof to consult the supervisory authority concerned prior to processing, or  in the case of technologies analysing traffic or content data for the purpose of identifying possible instances of solicitation of children, a prior authorisation from the supervisory authorities.

Amendment  14

Proposal for a regulation

Recital 11

 

Text proposed by the Commission

Amendment

(11) Since the sole objective of this Regulation is to enable the continuation of certain existing activities aimed at combating child sexual abuse online, the derogation provided for by this Regulation should be limited to well-established technology that is regularly used by number-independent interpersonal communications services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material before the entry into force of this Regulation. The reference to the technology includes where necessary any human review directly relating to the use of the technology and overseeing it. The use of the technology in question should therefore be common in the industry, without it necessarily being required that all providers use the technology and without precluding the further evolution of the technology in a privacy-friendly manner. In this respect, it should be immaterial whether or not a particular provider that seeks to rely on this derogation itself already uses such technology on the date of entry into force of this Regulation. The types of technologies deployed should be the least privacy-intrusive in accordance with the state of the art in the industry and should not include systematic filtering and scanning of communications containing text but only look into specific communications in case of concrete elements of suspicion of child sexual abuse.

(11) Since this Regulation aims to enable the continuation of certain existing activities aimed at detecting, reporting and removing online child sexual abuse material and detecting and reporting online child sexual abuse that comply with Regulation (EU) 2016/679, the restriction provided for by this Regulation should be limited to technology that has been subject to prior consultation in accordance with Article 36 of Regulation (EU) 2016/679 or, where required by this Regulation, prior authorisation by a national supervisory authority, technology that is regularly used by number-independent interpersonal communications services for the sole purpose of detecting and reporting online child sexual abuse and removing online child sexual abuse material. The reference to the technology includes any human review directly relating to the use of the technology and overseeing its functioning with a view to avoid unnecessary and disproportionate interference with fundamental rights. The use of the technology in question should therefore be common in the industry, without it necessarily being required that all providers use the technology and without precluding the further evolution of the technology in a privacy-friendly manner. In this respect, it should be irrelevant whether or not a particular provider that seeks to rely on the restriction provided for by this Regulation itself already uses such technology on the date of entry into force of this Regulation. The types of technologies deployed should be the least privacy-intrusive in accordance with the state of the art in the industry. The types of technologies deployed should be the least privacy-intrusive in accordance with the state of the art in the industry and should not be used for systematic filtering and scanning of communications containing text but only to look into specific communications in case of concrete elements of suspicion of child sexual abuse. To the extent that they are used to scan communications containing text, technologies should not be able to understand the substance of the content but should solely detect patterns, which point to possible online child sexual abuse.

Amendment  15

Proposal for a regulation

Recital 13

 

Text proposed by the Commission

Amendment

(13) The personal and other data used when carrying out the activities covered by the derogation set out in this Regulation, as well as the period during which the data is subsequently retained in case of positive results, should be minimised so as to ensure that the derogation remains limited to what is strictly necessary.

(13) The personal data used when carrying out the activities covered by the restriction provided for by this Regulation, as well as the period during which the data and any result of the processing of this data are subsequently retained in case of positive results, should be minimised to what is strictly necessary so as to ensure that the interference with the confidentiality of communications remains as limited as possible.

Amendment  16

Proposal for a regulation

Recital 14

 

Text proposed by the Commission

Amendment

(14) In order to ensure transparency and accountability in respect of the activities undertaken pursuant to the derogation, the providers should publish reports on an annual basis on the processing falling within the scope of this Regulation, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, the numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

(14) In order to ensure transparency and accountability in respect of the activities undertaken pursuant to the restriction, provided for by this Regulation, interpersonal communications service providers should publish and submit reports by ... [six months after the entry into force of this Regulation], and on an annual basis thereafter, on the processing falling within the scope of this Regulation, including on the type and volumes of data processed, the ground relied on for transfers of personal data pursuant to Article 6 of Regulation (EU) 2016/679, the ground relied on for transfers of personal data outside the Union pursuant to Chapter V of Regulation (EU) 2016/ 679, where applicable, the number of cases identified, the number of cases in which a user has lodged a complaint with the internal redress mechanism or with a judicial authority and the outcome of those proceedings, measures applied to select and improve key indicators, the numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied pursuant to Regulation (EU) 2016/679. Providers should also submit their reports to the supervisory authorities in accordance with Regulation (EU) 2016/679.

Amendment  17

Proposal for a regulation

Recital 14 a (new)

 

Text proposed by the Commission

Amendment

 

(14a) In order to support the responsible supervisory authorities in their task, the Commission should request the European Data Protection Board to issue guidelines on compliance with Regulation (EU) 2016/679 of processing falling within the scope of the restriction laid down in this Regulation. Those guidelines should in particular assist the supervisory authorities in providing advice in the framework of the prior consultation procedure set out in Article 36 of Regulation (EU) 2016/679, which is to be carried out when assessing whether an established or new technology to be used is state-of-the-art, the least privacy-intrusive and operating on an adequate legal basis under Regulation (EU) 2016/679.

Amendment  18

Proposal for a regulation

Recital 15

 

 

Text proposed by the Commission

Amendment

(15) This Regulation should enter into force on the third day following that of its publication in the Official Journal of the European Union, in order to ensure that it is applicable as from 21 December 2020.

deleted

Amendment  19

Proposal for a regulation

Recital 16

 

Text proposed by the Commission

Amendment

(16) This Regulation restricts the right to protection of the confidentiality of communications and derogates from the decision taken in Directive (EU) 2018/1972 to subject number-independent interpersonal communications services to the same rules as all other electronic communications services as regards privacy. The period of application of this Regulation should, therefore, be limited until 31 December 2025, that is to say for a time period reasonably required for the adoption of a new long-term legal framework, with more elaborate safeguards. In case the long-term legislation is adopted and will enter into force before that date, that legislation should repeal this Regulation.

(16) This Regulation restricts the right to protection of the confidentiality of communications carried out by number-independent interpersonal communications services for the sole purpose of detecting and removing online child sexual abuse material and reporting it to law enforcement authorities and to organisations acting in the public interest against child sexual abuse and of  detecting or reporting online child sexual abuse to law enforcement authorities. The period of application of this Regulation should, therefore, be limited until 31 December 2022. In case the long-term legislation is adopted and will enter into force before that date, that legislation should repeal this Regulation.

Amendment  

Proposal for a regulation

Recital 17 a (new)

 

Text proposed by the Commission

Amendment

 

(17a) The supervisory authorities responsible for monitoring the application of this Regulation should be the same as the independent supervisory authorities designated pursuant to Chapter VI of Regulation (EU) 2016/679.

Amendment  21

Proposal for a regulation

Recital 17 b (new)

 

Text proposed by the Commission

Amendment

 

(17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.

Amendment  22

Proposal for a regulation

Recital 17 c (new)

 

Text proposed by the Commission

Amendment

 

(17c) The right to respect for private and family life, including the confidentiality of communications, is a fundamental right guaranteed under Article 7 of the Charter. It is thus also a prerequisite for secure communications between victims of child sexual abuse and a trusted adult or organisations active in the fight against child sexual abuse as well as in communications between victims and their lawyers.

Amendment  23

Proposal for a regulation

Recital 17 d (new)

 

Text proposed by the Commission

Amendment

 

(17d) All communications between an accused or convicted person and his or her lawyer should be protected, in order to guarantee the fundamental rights to an effective remedy and to a fair trial pursuant to Article 47 of the Charter as well as the right to the presumption of innocence and the right of defence pursuant to Article 48 thereof.

Amendment  24

Proposal for a regulation

Recital 18

 

Text proposed by the Commission

Amendment

(18) The objective of this Regulation is to create a temporary derogation from certain provisions of Directive 2002/58/EC without creating fragmentation in the Internal Market. In addition, national legislation would most probably not be adopted in time in all Member States. As this objective cannot be sufficiently achieved by the Member States, but can rather be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives. It introduces a temporary and strictly limited derogation from the applicability of Articles 5 (1) and 6 of Directive 2002/58/EC, with a series of safeguards to ensure that it does not go beyond what is necessary for the achievement of the set objectives.

(18) The objective of this Regulation is to create a temporary restriction of specific provisions of Directive 2002/58/EC without creating fragmentation in the Internal Market. In addition, national legislation would most probably not be adopted in time in all Member States. As this objective cannot be sufficiently achieved by the Member States, but can rather be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives. It introduces a temporary and strictly limited restriction of the applicability of Articles 5 (1) and 6 (1) of Directive 2002/58/EC, with a series of safeguards to ensure that it does not go beyond what is necessary for the achievement of the set objectives.

Amendment  25

Proposal for a regulation

Recital 19

 

Text proposed by the Commission

Amendment

(19) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council7 and delivered its opinion on […],

19) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council7 and delivered its opinion on 10 November 2020 ,

Amendment  26

Proposal for a regulation

Article 1

 

Text proposed by the Commission

Amendment

Article 1

Article 1

Subject matter

Subject matter

This Regulation lays down temporary and strictly limited rules derogating from certain obligations laid down in Directive 2002/58/EC, with the sole objective of enabling providers of number-independent interpersonal communications services to continue the use of technologies for the processing of personal and other data to the extent necessary to detect and report child sexual abuse online and remove child sexual abuse material on their services.

This Regulation lays down temporary and strictly limited rules restricting certain rights and obligations laid down in Directive 2002/58/EC, with the sole objective of enabling providers of certain number-independent interpersonal communications services, to continue, while fully respecting the rights and obligations laid down in Regulation (EU)2016/679, using specific technologies, namely the use of a unique non-reconvertible digital signature (‘hash’) and the use of technologies analysing traffic or content data for the sole purpose of processing personal data to the extent strictly necessary to detect and report online child sexual abuse and remove online child sexual abuse material on their services.

Amendment  27

Proposal for a regulation

Article 2

 

Text proposed by the Commission

Amendment

Article 2

Article 2

Definitions

Definitions

For the purpose of this Regulation, the following definitions apply:

For the purpose of this Regulation, the following definitions apply:

(1) ‘number-independent interpersonal communications service’ means a service as defined in Article 2(7) of Directive (EU) 2018/1972;

(1) ‘number-independent interpersonal communications service’ means a number-independent interpersonal communications service as defined in Article 2(7) of Directive (EU) 2018/1972;

(2) ‘child sexual abuse online’ means:

(2) online child sexual abuse material’ means:

(a) material constituting child pornography as defined in Article 2, point (c), of Directive 2011/93/EU of the European Parliament and of the Council;

(a) child pornography as defined in Article 2, point (c), of Directive 2011/93/EU of the European Parliament and of the Council;

(b) solicitation of children for the purpose of engaging in sexual activities with a child or of producing child pornography by any of the following:

 

(i) luring the child by means of offering gifts or other advantages;

 

(ii) threatening the child with a negative consequence likely to have a significant impact on the child;

 

(iii) presenting the child with pornographic materials or making them available to the child .

 

(c)‘pornographic performance’ as defined in Article 2(e) of Directive 2011/93/EU.

(c)‘pornographic performance’ as defined in Article 2, point (e), of Directive 2011/93/EU;

 

(2a) ‘solicitation of children’ means any intentional conduct constituting a criminal offense under Article 6 of Directive 2011/93/EC;

 

(2b) ‘online child sexual abuse’ means ‘online child sexual abuse material’ and ‘solicitation of children’;

 

(2c) ‘positive hit of online child sexual abuse material’ means a match resulting from a comparison between an image or a video and a ‘hash’ from a data base containing verified online child sexual abuse material and maintained by an organisation recognised by the Commission pursuant to Article 3f of this Regulation.

Amendment  28

Proposal for a regulation

Article 3

 

Text proposed by the Commission

Amendment

Article 3

Article 3

Scope of the derogation

Scope of the restriction

The specific obligations set out in Article 5(1) and Article 6 of Directive 2002/58/EC shall not apply to the processing of personal and other data in connection with the provision of number-independent interpersonal communications services strictly necessary for the use of technology for the sole purpose of removing child sexual abuse material and detecting or reporting child sexual abuse online to law enforcement authorities and to organisations acting in the public interest against child sexual abuse, provided that:

1. The specific rights and obligations set out in Article 5(1) and Article 6(1) of Directive 2002/58/EC shall be restricted with regard to the confidentiality of communications involving the processing of personal data in connection with the provision of number-independent interpersonal communications services provided that such restriction is strictly necessary for the use of specific technology for the sole purpose of detecting and removing online child sexual abuse and reporting it to law enforcement authorities and to organisations acting in the public interest and for detecting online child sexual abuse and reporting it to law enforcement authorities provided that:

(a) the processing is proportionate and limited to well-established technologies regularly used by providers of number-independent interpersonal communications services for that purpose before the entry into force of this Regulation, and that are in accordance with the state of the art used in the industry and are the least privacy-intrusive;

(a) the processing is proportionate and limited to technologies regularly used by providers of number-independent interpersonal communications services for that sole purpose and provided that the technologies fulfil all of the following conditions:

 

(i) they are in accordance with the state- of- the art used in the industry and are the least privacy-intrusive, including with regard to the  principle of data protection by design and by default as laid down in Article 25 of Regulation (EU) 2016/679, and, to the extent that they are used to scan communications containing text, they are not able to understand the substance of the content but solely detect patterns, which point to possible online child sexual abuse;

 

(ii) a prior data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679 and a prior consultation procedure pursuant to Article 36 of Regulation (EU) 2016/679 have been conducted in accordance with Article 3a of this Regulation and have indicated that the processing would not result in a high risk to the rights and freedoms of natural persons or that measures have been taken by the controller to mitigate the risk;

 

(iii) in the case of technologies analysing traffic or content data for the purpose of identifying possible instances of solicitation of children, a prior authorisation has been given from the supervisory authorities, following the prior data protection impact assessment and the consultation of the supervisory authority;

 

(iv) the processing is based on  Article 6(1) of Regulation (EU)2016/679, provided that, without prejudice to Regulation (EU) 2016/ 679, all the conditions laid down in this Regulation have been complied with;

 

(v) the categories of personal data to be processed for each processing operation are the content data, related traffic data as well as other personal data generated through such processing;

 

(vi) there are internal procedures within the number-independent interpersonal communications service to prevent abuse, unauthorised access or transfers;

 

(vii) the identity and categories of the controller or controllers are clearly specified;

 

(viii) the provider of the number-independent interpersonal communications services ensures human oversight and intervention for the processing of personal data, and no ʻpositive hit of online child sexual abuse materialʼ is sent to law enforcement authorities or organisations as referred to in Article 3f of this Regulation without prior human confirmation;

 

(ix) the provider of the number-independent interpersonal communications services ensures human oversight and intervention  for  the processing of personal data, and no reasoned suspicion, based on concrete elements,  of online child sexual abuse, is sent to law enforcement authorities without prior human confirmation;

 

(x) appropriate procedures and redress mechanisms are in place to ensure that individuals can lodge complaints with the provider of a number-independent interpersonal communications service within a reasonable timeframe for the user to present their views in accordance with Article 3c;

 

(xi)  without prejudice to the information provided for in Articles 13 and 14 of Regulation (EU) 2016/679, the data subjects are informed about the restriction of the confidentiality of their communications for the sole purpose of removing child sexual abuse material and detecting or reporting child sexual abuse material, including the possibility that personal data is shared with law enforcement authorities and organisations acting in the public interest against child sexual abuse;

 

(xii) in the event of a ʻpositive hit of online child sexual abuse material' or a reasoned suspicion, based on concrete elements, of online child sexual abuse, the data subjects are given the following information, without prejudice to the information provided for in Articles 13 and 14 of Regulation (EU) 2016/679, unless to do so would be prejudicial to an ongoing investigation, in which case the provision of that information may be delayed to the extent strictly necessary and the data subjects shall be informed without delay after the investigation is closed:

 

(a) the competent law enforcement authorities and organisations acting in the public interest against child sexual abuse with whom their personal data have been shared;

 

(b) the avenues for redress with the provider of number-independent interpersonal communications services; and

 

(c) the possibility of lodging a complaint with the competent supervisory authority and of a judicial remedy, and the identity of those authorities;

 

(xiii) there is no interference with any communication protected by professional secrecy, such as between doctors and their patients, journalists and their sources or lawyers and their clients;

 

(xiv) any transfer of personal data to third countries or international organisations complies with Chapter V of Regulation (EU) 2016/679;

(b) the technology used is in itself sufficiently reliable in that it limits to the maximum extent possible the rate of errors regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;

(b) the technology used to identify online child sexual abuse material is in itself sufficiently reliable in that it limits the rate of errors where content is wrongly identified as content representing online child sexual online abuse (“false positives”) to at most 1 in 50 billion regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;

 

(ba) the technology used to identify solicitation of children is in itself sufficiently reliable in that it limits to the maximum extent possible the rate of errors regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;

(c) the technology used to detect solicitation of children is limited to the use of relevant key indicators, such as keywords and objectively identified risk factors such as age difference, without prejudice to the right to human review;

(c) the technology used to detect patterns of possible solicitation of children is limited to the use of relevant key indicators and objectively identified risk factors without prejudice to the right to human review;

(d) the processing is limited to what is strictly necessary for the purpose of detection and reporting of child sexual abuse online and removal of child sexual abuse material and, unless child sexual abuse online has been detected and confirmed as such, is erased immediately;

(d) the processing allowed by the restriction provided for in this Regulation is limited to what is strictly necessary for the sole purpose of detection and reporting of online child sexual abuse and removal of online child sexual abuse material;

 

(da) where no online child sexual abuse has been detected and confirmed as such, all content data, related traffic data and any result of processing of these data is erased immediately after the processing;

 

(db) where child sexual abuse has been detected and confirmed as such, the strictly relevant content data, the related traffic data and personal data generated through such processing, are retained solely for the following purposes and only for the time period strictly necessary, but in any case no longer than three months, after which they are deleted immediately and permanently:

 

- in order to report and transfer them, pursuant to Regulation (EU) 2016/679, to the competent law enforcement authorities without undue delay;

 

- in order to report and transfer them, pursuant to Regulation (EU) 2016/679, to organisations acting in the public interest against child sexual abuse operating a database pursuant to Article 3f of this Regulation;

 

- in order to block the account of the user concerned or suspend a service offered to him or her;

 

- regarding personal data reliably identified as online child sexual abuse material online, in order to create a ‘hash’;

 

- for the purpose of seeking redress from the provider or pursuing administrative review or judicial remedies;

(e) the provider annually publishes a report on its related processing, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

(e) the provider publishes and submits a report to the supervisory authority in accordance with Regulation (EU) 2016/679 and to the Commission, by ... [six months after the date of entry into force of this Regulation], and annually thereafter, of the processing of personal data allowed by the restriction provided for in this Regulation, including the type and volumes of data processed, the ground relied on for the processing pursuant to Article 6 of Regulation (EU) 2016/679, the legal ground relied on for transfers of personal data outside the Union pursuant to Chapter V of Regulation (EU) 2016/679 where applicable, the number of cases identified, the number of cases in which a user has lodged a complaint with the internal redress mechanism or with a judicial authority and the outcome of those proceedings, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied pursuant to Regulation (EU) 2016/679;

As regards point (d), where child sexual abuse online has been detected and confirmed as such, the relevant data may be retained solely for the following purposes and only for the time period necessary:

 

- for its reporting and to respond to proportionate requests by law enforcement and other relevant public authorities;

 

- for the blocking of the concerned user’s account;

 

- in relation to data reliably identified as child pornography, for the creation of a unique, non-reconvertible digital signature (‘hash’).

 

 

(ea) every case of a reasoned and verified suspicion of online child sexual abuse is immediately reported to the competent national law enforcement authorities.

 

1a. This Regulation shall not apply to the scanning of audio communications.

Amendment  29

Proposal for a regulation

Article 3 a (new)

 

Text proposed by the Commission

Amendment

 

Article 3 a

 

Obligation for a prior data protection impact assessment and a prior consultation of the supervisory authorities

 

1. Providers of number-independent interpersonal communications services shall, in order to rely on the restriction provided for by this Regulation, conduct a prior data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679 and a prior consultation procedure pursuant to Article 36 thereof.

 

2. The Member States shall ensure that the supervisory authorities have sufficient resources for prior data protection impact assessments and prior consultation procedures, in line with the requirements laid down in Regulation (EU) 2016/679.

 

This Article shall not apply where a data protection impact assessment and a prior consultation of the supervisory authorities have been conducted prior to … [the entry into force of this Regulation] and have indicated that the processing would not result in a high risk to the rights and freedoms of natural persons or that measures have been taken by the controller to mitigate the risk.

Amendment  30

Proposal for a regulation

Article 3 b (new)

 

Text proposed by the Commission

Amendment

 

Article 3b

 

European Data Protection Board guidelines

 

By ... [one month after the date of entry into force of this Regulation], and pursuant to Article 70 of Regulation (EU) 2016/679, the Commission shall request the European Data Protection Board to issue guidelines for the purpose of assisting the supervisory authorities responsible in accordance with Regulation (EU) 2016/679 to assess whether the processing falling within the scope of this Regulation, for existing as well as future technologies, used for the sole purpose of combatting online child sexual abuse complies with Regulation (EU) 2016/679.

Amendment  31

Proposal for a regulation

Article 3 c (new)

 

Text proposed by the Commission

Amendment

 

Article 3 c

 

Complaint mechanism

 

Providers of number-independent interpersonal communications services using technologies for the processing of personal data to detect and report online child sexual abuse and detect and report and remove online child sexual abuse material shall establish an effective and accessible mechanism allowing users whose content has been removed or reported to law enforcement authorities or an organisation acting in the public interest against online child sexual abuse to submit a complaint against the action of the provider concerned, where the material reported or removed does not constitute online child sexual abuse in accordance with this Regulation.

Amendment  32

Proposal for a regulation

Article 3 d (new)

 

Text proposed by the Commission

Amendment

 

Article 3d

 

Effective remedies

 

Users who have been adversely affected by the use of specific technologies for the processing of personal data to detect and report online child sexual abuse and remove online  child sexual abuse material from the services of number-independent interpersonal communications services shall have the right to an effective remedy where the material reported or removed does not constitute online child sexual abuse in accordance with this Regulation. Member States shall put in place effective procedures for the exercise of that right, including for the following cases:

 

(i) the users’ content or identity have been reported to an organisation acting in the public interest against child sexual abuse or to law enforcement authorities;

 

(ii) the users’ content has been removed or their account has been blocked or a service offered to them has been suspended.

Amendment  33

Proposal for a regulation

Article 3 e (new)

 

Text proposed by the Commission

Amendment

 

Article 3e

 

Supervisory authorities

 

The supervisory authorities responsible for monitoring the application of this Regulation shall be the same as the independent supervisory authorities designated pursuant to Chapter VI of Regulation (EU) 2016/679.

Amendment  34

Proposal for a regulation

Article 3 f (new)

 

Text proposed by the Commission

Amendment

 

Article 3f

 

Public register of organisations acting in the public interest against child sexual abuse

 

By ... [one month of the date of entry into force of this Regulation], the Commission shall establish a public register of organisations acting in the public interest against child sexual abuse with which providers of number-independent interpersonal communications services can share personal data under this Regulation and without prejudice to Chapter V of Regulation (EU) 2016/679. That public register shall be established based on transparent and objective criteria and kept up to date.

Amendment  35

Proposal for a regulation

Article 3 g (new)

 

Text proposed by the Commission

Amendment

 

Article 3g

 

Statistics

 

1. By .... [six months after entry into force of Regulation], and on annual basis thereafter, the Member States shall make publicly available and submit reports to the Commission with statistics on all of the following elements:

 

(a) the total number of reports of detected online child sexual abuse that have been provided by number-independent interpersonal communications services and organisations acting in the public interest against child sexual abuse to the competent national law enforcement authorities, differentiating between the absolute number of cases and those cases reported several times and the type of provider of number-independent interpersonal communications services where the online child sexual abuse was detected;

 

(b) the number of children identified through actions pursuant to Article 3 of this Regulation, differentiated according to gender;

 

(c) the number of perpetrators  prosecuted, following identification through technology;

 

(d) the number of perpetrators convicted;

 

(e) the number of false positives reported;

 

(f) the technologies used to detect online child sexual abuse  and their percentage in contributing to the detection of online child sexual abuse; and

 

(g) the providers of number-independent interpersonal communications services offering services in their territory using technology to detect, remove or report online child sexual abuse.

 

2. The Commission shall aggregate the statistics referred to in paragraph 1 of this Article and shall take them into account when reviewing this Regulation, pursuant to Article 3h of this Regulation.

Amendment  36

Proposal for a regulation

Article 3 h (new)

 

Text proposed by the Commission

Amendment

 

Article 3h

 

Review

 

1. On the basis of the reports provided pursuant to Article 3(1), point(e), and the statistics provided pursuant to Article 3g, the Commission shall, by …[two years after entry into force of Regulation], and annually thereafter, conduct a review of this Regulation and submit and present a report to the European Parliament and to Council.

 

2. In conducting its review, the Commission shall pay special attention to:

 

(a) all conditions for the processing of personal data enumerated under Article 3 3, point (a);

 

(b) the proportionality of the restriction provided for by this Regulation, including an assessment of the statistics submitted by the Member States under Article 3g;

 

(c) developments in technological progress regarding such activities, and the extent to which such developments improve accuracy and reduce false positives.

Amendment  37

Proposal for a regulation

Article 3 i (new)

 

Text proposed by the Commission

Amendment

 

Article 3i

 

Terms and conditions

 

Without prejudice to Article 3(a), points (xi) and (xii), providers of number-independent interpersonal communications services that use technologies falling within the scope of this Regulation shall include in their terms and conditions clear and comprehensive information on the functioning of such measures and the impact on users’ confidentiality of communications.

Amendment  38

Proposal for a regulation

Article 4

 

Text proposed by the Commission

Amendment

Article 4

Article 4

Entry into force and application

Entry into force and application

This Regulation shall enter into force on the third day following that of its publication in the Official Journal of the European Union.

This Regulation shall enter into force on the third day following that of its publication in the Official Journal of the European Union.

It shall apply from 21 December 2020 until 31 December 2025.

It shall apply from 21 December 2020 until 31 December 2022.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

This Regulation shall be binding in its entirety and directly applicable in all Member States.


 

EXPLANATORY STATEMENT

Sexual abuse of children (CSA) constitutes a serious violation of human and fundamental rights. It can thus justify the restriction of the fundamental rights to confidentiality of communications and protection of personal data, provided that such a restriction constitutes a necessary and proportionate measure in a democratic society and that it respects the essence of the fundamental rights and freedoms.

To detect, report and remove child sexual abuse material (CSAM), certain providers of number-independent interpersonal communications services are currently scanning communication such as messages (content and/or meta data, in some instances, historical data) on a voluntary basis.

The proposed Regulation seeks to restrict the right to protection of the confidentiality to allow for these voluntary activities to continue after 21 December 2020, date of entry into force of the European Electronic Communications Code which would bring these providers into the scope of Directive 2002/58/EC (ePrivacy) and thus oblige them to ask users for consent before scanning their communication.

The rapporteur’s and the European Parliament’s work on this proposed Regulation has been complicated to a great deal by the time pressure resulting from the fact that this proposal was only presented on 10 September 2020 by the Commission (although the European Electronic Communication Code was already adopted in December 2018). Furthermore, the Commission did not respect its obligation under the Better Law Making agreement to accompany this proposal by an Impact Assessment and does not wish to take a stance on whether current voluntary practices to detect and report CSAM are in fact legal under EU law. Crucial information regarding the level of interference with the fundamental rights to the protection of confidentiality of communications and the protection of personal data is therefore missing at the time of preparing this draft report.

Main elements of this draft report include:

a) General considerations

- End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including that of children and victims. Nothing in this Regulation should be interpreted as prohibiting or weakening end-to-end encryption.

 

- The proposed Regulation does not provide in itself for a legal basis for the scanning of communication by providers. Instead, it provides for a restriction of certain rights and obligations laid down in Directive 2002/58/EC, and lays down additional safeguards to be respected by the providers if they wish to rely on this Regulation.

b) Clarifications on the scope of the measure

- This Regulation should only apply to videos or images exchanged over messaging or email services. It should not apply to the scanning of text or audio communication, which remains fully subject to the provisions of the e Privacy Directive.

- In view of its temporary nature, the material scope of the Regulation should be limited to the established definition of so called ‘child pornography’ as defined in Directive 2011/93/EU and ‘pornographic performance’ as defined in the same directive.

- The technology does not have to be in use before the entry into force of this Regulation, as long as it fulfils all the conditions spelled out in this Regulation, in order for the legislation to be future-prove.

c) Additional safeguards

- Providers of number-independent interpersonal communications services that wish to reply on this Regulation have to fulfil certain conditions. These include:

- a mandatory prior data protection impact assessment pursuant and a mandatory consultation procedure, prior to the use of the technology as required by Articles 35 and 36 of the GDPR;

- using Article 6 (1) d) or e) of Regulation (EU) 2016/679 as a legal basis;

- human overview and intervention is ensured for any processing of personal data, and no positive result is sent to law enforcement authorities or organisations acting in the public interest without prior human review;

- appropriate procedures and redress mechanisms are in place:

- no interference with any communication protected by professional secrecy;

- adequate legal basis for transfers outside the EU, in line with Chapter V of the GDPR.

- effective remedies provided by the Member States at national level.

All these conditions need to be met in order to ensure the proportionality of the restriction to the fundamental rights that this activity implies.

d) Public register of organisations acting in the public interest against child sexual abuse

The Commission should establish a public register of organisations acting in the public interest against child sexual abuse with which providers can share personal data.

e) Enhanced transparency

The providers should publish a first report six months after the entry into force of this Regulation, and thereafter on an annual basis.

f) Time limitation of the proposed Regulation

The period of application of this Regulation should be limited until 31 December 2022. In case the future long-term legislation is adopted and will enter into force before that date, that legislation should repeal this Regulation.

 

Greens/EFA minority position

(pursuant to Rule 55(4))

The proposal does not protect children but exposes children and adults alike to major risks (such as AI algorithms falsely flagging legal intimate depictions and conversations of children and adults relating to their health and sexual life) and violates the fundamental rights of millions of children and adults.

Generally and indiscriminately analyzing the content of all private correspondence of unsuspected citizens by private companies, as if the post office opened all letters in search of illegal content, is not only unacceptable with regard to the right to privacy, including of children and victims themselves, but also specifically threatens human rights of minorities, LGBTQI people, political dissidents, journalists etc.

According to the Court of Justice a permanent automated analysis of communications is proportionate only if limited to suspects (case C-511/18), which the proposal is not.

Despite the proposed regulation those practices will continue to violate the GDPR (no legal basis for private actors to detect crime, lack of proportionality).

As demonstrated by the rising number of reports by companies using this method of general monitoring, such mass surveillance does not contain the circulation of illegal material but will only push it further underground, making it more difficult to prosecute.

Minority Position of Cornelia Enrst (GUE/NGL)

(pursuant to Rule 55(4))

The scanning of electronic communications that this regulation allows, in particular the scanning of text messages, constitutes a grave violation of the rights enshrined in Article 7 and 8 of the Charter of Fundamental Rights of the EU. It amounts to blanket surveillance that is never justified, not even to fight the most horrendous crime.

 


 

 

OPINION OF THE OF THE COMMITTEE ON WOMEN'S RIGHTS AND GENDER EQUALITY (2.12.2020)

for the Committee on Civil Liberties, Justice and Home Affairs

on the proposal for a regulation of the European Parliament and of the Council Temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

(COM(2020)0568 – C9‑0288/2020 – 2020/0259(COD))

 

Rapporteur for opinion: Christine Anderson

 

 

 

SHORT JUSTIFICATION

The issue of online child sex abuse is so grave and it entails such terrible consequences in all aspects of the life of the victim that by no means it can be taken lightly. In the same breath, the explosion of Internet use, its ever increasing numerous tools and applications have transformed it into a haven for consumers in search of porn content, of whom, according to data, the youngest ones range from the age of  12 to 17. The addiction to porn material has grave effects on the human mind, as pornography presents a severely distorted view of the human body, relationships and interactions between women and men. To this, one must add the growing problem of sexual cyber bullying targeting vulnerable women and girls, such as in the highly covered case of Mila. The latter, a French LGBT high school girl, had to be placed under protection in the beginning of the year 2020 and removed from her school following online rape and death threats on the Internet  after she had criticised Islam. Finally, cases of false allegations of sex abuse which have been brought out for years justify that Member States’ relevant authorities take all measures for the authors of these deliberately fabricated cases to be made fully legally liable. In general, from the stage of suspicion of sexual crime against a child all the way to the prosecution and sanctions taken towards the offender, all precautions and best practices have to be applied for Justice to prevail. As it appears, procedural errors or penal cases started because of false accusations of criminal sexual activity against children can at times disrupt the course of Justice by sanctioning innocent citizens. It is therefore crucial that the principle of presumption of innocence is never disregarded when a woman or a man becomes the object of suspicion of online child sex abuse. Tackling the problem of online child sex abuse at its roots requires, among other strategies, that schools and parents together join forces to educate their children to engage in relationships from an angle of respect for themselves, their body, their self-image, and respect for others. Respect for oneself and for others stems from an appreciation of the human person in their emotional and spiritual dimension, without the objectification of their body. Finally, we regret that not enough data concerning convicted child abusers is available and demand that competent actors step up their efforts in this regard. This does not contradict, however, the importance of taking measures regarding e-privacy rights only as far as it is necessary and legally authorised, as stated in the Commission proposal.   

AMENDMENTS

The Committee on Women's Rights and Gender Equality calls on the Committee on Civil Liberties, Justice and Home Affairs, as the committee responsible, to take into account the following amendments:

Amendment  1

Proposal for a regulation

Recital 4

 

Text proposed by the Commission

Amendment

(4) Sexual abuse and sexual exploitation of children constitute serious violations of human rights, in particular of the rights of children to be protected from all forms of violence, abuse and neglect, maltreatment or exploitation, including sexual abuse, as provided for by the 1989 United Nations Convention on the Rights of the Child and by the Charter. Digitisation has brought about many benefits for society and the economy, but also challenges including an increase of child sexual abuse online. The protection of children online is one of the Union's priorities. On 24 July 2020, the Commission adopted an EU strategy for a more effective fight against child sexual abuse9 (“the Strategy”), which aims to provide an effective response, at Union level, to the crime of child sexual abuse.

(4) Sexual abuse and sexual exploitation of children constitute serious violations of human rights, in particular of the rights of children to be protected from all forms of violence, abuse and neglect, maltreatment or exploitation, including sexual abuse, as provided for by the 1989 United Nations Convention on the Rights of the Child and by the Charter. In addition, the Istanbul Convention recognises that girls are often exposed to serious forms of gender-based violence including cyberviolence. Digitisation has brought about many benefits for society and the economy, but also challenges, notably increased child sexual abuse ans child sexual exploitation online, which has been exacerbated during the COVID-19 pandemic, resulting from broader access to potential victims and a sharp rise in the exchange of child sexual abuse material between child sexual offenders. There is also a growing number of cases of grooming during the COVID-19 pandemic, including an increase of self-generated content. Moreover, the increased misuse of privacy-enhancing technologies by offenders to disguise their horrendous actions has made it more difficult for law-enforcement authorities to prevent, detect, investigate and prosecute child sexual exploitation online. According to Europol, the proliferation of anonymisation tools and the higher amount of child sexual abuse material may also lead to a higher risk of repeat victimisation8a. The protection of children online is one of the Union's priorities as they are the most vulnerable in our society and not able to defend themselves.

_________________

_________________

 

8a Europol report "Exploiting isolation: Offenders and victims of online child sexual abuse during the Covid-19pandemic", published on 19 June 2020.

9 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, EU strategy for a more effective fight against child sexual abuse, 24.7.2020 COM(2020) 607 final.

 

Amendment  2

Proposal for a regulation

Recital 4 a (new)

 

Text proposed by the Commission

Amendment

 

(4 a) Girls and young women are particularly exposed to the risks of sexual abuse, as well as sexual exploitation and account for the overwhelming majority of cases of child sexual abuse online. According to THORN and the Canadian Centre for Child Protection 80% of the children victim of sexual abuse were girls. Figures from a 2019 report from INHOPE show that 91 % of victims were girls, 7 % were boys and the medianage of victims is decreasing with 92 % of victims under the age of 13.According to End Child Prostitution, Child Pornography & Trafficking of Children for Sexual Purposes (ECPAT) international report from 2017 child sexual offenders are predominantly male10a, which is relevant when it comes to the definition of key indicators. It is therefore important that girls and boys have access to safe, accessible and age appropriate channels to report the abuse without fear, in particular when the abuser is in the inner circle of the victim, since in such instances the reporting is low.

 

_________________

 

10a ECPAT Journal “End Child Sexual Exploitation international report”, published in April 2017; https://www.ecpat.org/wp-content/uploads/2017/04/Journal_No12-ebook.pdf

Amendment  3

Proposal for a regulation

Recital 4 b (new)

 

Text proposed by the Commission

Amendment

 

(4 b) On 24 July 2020, the Commission adopted an EU strategy for a more effective fight against child sexual abuse9b (“the Strategy”), which aims to provide an effective response, at Union level, to the crime of child sexual abuse with due regard to different forms of sexual abuse experienced by girls and boys. As part of the Strategy, the Commission announced that it will propose sector-specific legislation including “clear mandatory obligations to detect and report child and young girls sexual abuse online to bring more clarity and certainty to the work of both law enforcement and relevant actors in the private sector to tackle online abuse”. Nevertheless the strategy, there is a great need for preventive measures and a more targeted approach to take into account the specific circumstances and needs of various vulnerable groups of children, in particular girls.

 

_________________

 

9b Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, EU strategy fora more effective fight against child sexual abuse, 24.7.2020 COM(2020)0607 final.

Amendment  4

Proposal for a regulation

Recital 5

 

Text proposed by the Commission

Amendment

(5) Certain providers of number-independent interpersonal communications services, such as webmail and messaging services, are already using specific technologies to detect and report child sexual abuse online to law enforcement authorities and to organisations acting in the public interest against child sexual abuse, or to remove child sexual abuse material, on a voluntary basis. Those organisations refer to national hotlines for reporting child sexual abuse material, as well as to organisations whose purpose is to reduce child sexual exploitation, and prevent child victimisation, located both within the Union and in third countries. Collectively, those voluntary activities play a valuable role in enabling the identification and rescue of victims, and reducing the further dissemination of child sexual abuse material, while also contributing to the identification and investigation of offenders, and the prevention of child sexual abuse offences.

(5) Number-independent communication services have a major role to play in detecting cases of child sexual abuse online and in removing at source child sexual abuse material from their networks to avoid further victimisation as every new visualisation of the material is harmful for the victim. Underaged children must have access to safe, accessible and age appropriate channels to report the abuse without fear, in particular when the abuser is in the inner circle of the victim. Certain providers of number-independent interpersonal communications services, such as webmail and messaging services, are already using specific technologies to detect and report child sexual abuse online to law enforcement authorities and to organisations acting in the public interest against child sexual abuse and child exploitation, or to detect, remove and report child sexual abuse material in their services, on a voluntary basis. To enable the identification of the child victims and to properly identify detection errors by the providers, all the instances of possible child sexual abuse online should be reported to law enforcement authorities and to organisations acting in the public interest against child sexual abuse. Those organisations refer to national hotlines for reporting child sexual abuse material, as well as to organisations whose purpose is to reduce child sexual exploitation, and prevent child victimisation, located both within the Union and in third countries. Collectively, those voluntary activities play a valuable role in enabling the identification and rescue of victims, and reducing the further dissemination of child sexual abuse ans child sexual exploitation material, while also contributing to the identification and investigation of offenders, and the prevention of child sexual abuse and child sexual exploitation offences.

Amendment  5

Proposal for a regulation

Recital 6

 

Text proposed by the Commission

Amendment

(6) Until 20 December 2020, the processing of personal data by providers of number-independent interpersonal communications services by means of voluntary measures for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material is governed by Regulation (EU) 2016/679.

(6) Until 20 December 2020, the processing of personal data by providers of number-independent interpersonal communications services by means of voluntary measures for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse and child sexual exploitation material is governed by Regulation (EU) 2016/679.

Amendment  6

Proposal for a regulation

Recital 7

 

Text proposed by the Commission

Amendment

(7) Directive 2002/58/EC does not contain any specific provisions concerning the processing of personal and other data in connection with the provision of electronic communication services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material. However, pursuant to Article 15(1) of Directive 2002/58/EC, Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in, inter alia, Articles 5 and 6 of that Directive, which concern confidentiality of communications and traffic data, for the purpose of prevention, investigation, detection and prosecution of criminal offences linked to child sexual abuse. In the absence of such legislative measures, and pending the adoption of a new longer-term legal framework to tackle child sexual abuse effectively at Union level as announced in the Strategy, there would be no legal basis for providers of number-independent interpersonal communications services to continue to detect and report child sexual abuse online and remove child sexual abuse material in their services beyond 21 December 2020.

(7) Directive 2002/58/EC does not contain any specific provisions concerning the processing of personal and other data in connection with the provision of electronic communication services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material. However, pursuant to Article 15(1) of Directive 2002/58/EC, Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in, inter alia, Articles 5 and 6 of that Directive, which concern confidentiality of communications and traffic data, for the purpose of prevention, investigation, detection and prosecution of criminal offences linked to child sexual abuse. In the absence of such national legislative measures, and pending the adoption of a new longer-term legal framework to tackle child sexual abuse effectively at Union level as announced in the Strategy, there would be no legal basis for providers of number-independent interpersonal communications services to continue to detect and report child sexual abuse online and to detect, remove and report child sexual abuse material in their services beyond 21 December 2020.

Amendment  7

Proposal for a regulation

Recital 8

 

Text proposed by the Commission

Amendment

(8) This Regulation therefore provides for a temporary derogation from Article 5(1) and Article 6 of Directive 2002/58/EC, which protect the confidentiality of communications and traffic data. Since Directive 2002/58/EC was adopted on the basis of Article 114 of the Treaty on the Functioning of the European Union, it is appropriate to adopt this Regulation on the same legal basis. Moreover, not all Member States have adopted legislative measures at national level to restrict the scope of the rights and obligations provided for in those provisions in accordance with Article 15(1) of Directive 2002/58/EC, and the adoption of such measures involves a significant risk of fragmentation likely to negatively affect the internal market.

(8) This Regulation therefore provides for a temporary derogation from Article 5(1) and Article 6 of Directive 2002/58/EC, which protect the confidentiality of communications and traffic data. Voluntary measures by providers offering number-independent interpersonal communications services in the Union applied for the sole purpose of detecting and reporting child sexual abuse online and detecting, removing and reporting child sexual abuse material therefore become subject to the safeguards and conditions set out in this Regulation. Since Directive 2002/58/EC was adopted on the basis of Article 114 of the Treaty on the Functioning of the European Union, it is appropriate to adopt this Regulation on the same legal basis. Moreover, not all Member States have adopted legislative measures at national level to restrict the scope of the rights and obligations provided for in those provisions in accordance with Article 15(1) of Directive 2002/58/EC, and the adoption of such measures involves a significant risk of fragmentation likely to negatively affect the internal market and the protection of fundamental rights, notably the rights of children who fall victim to child sexual abuse online across the Union.

Amendment  8

Proposal for a regulation

Recital 11

 

Text proposed by the Commission

Amendment

(11) Since the sole objective of this Regulation is to enable the continuation of certain existing activities aimed at combating child sexual abuse online, the derogation provided for by this Regulation should be limited to well-established technology that is regularly used by number-independent interpersonal communications services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material before the entry into force of this Regulation.The reference to the technology includes where necessary any human review directly relating to the use of the technology and overseeing it. The use of the technology in question should therefore be common in the industry, without it necessarily being required that all providers use the technology and without precluding the further evolution of the technology in a privacy-friendly manner. In this respect, it should be immaterial whether or not a particular provider that seeks to rely on this derogation itself already uses such technology on the date of entry into force of this Regulation. The types of technologies deployed should be the least privacy-intrusive in accordance with the state of the art in the industry and should not include systematic filtering and scanning of communications containing text but only look into specific communications in case of concrete elements of suspicion of child sexual abuse.

(11) Since the sole objective of this Regulation is to enable the continuation of certain existing activities aimed at combating child sexual abuse online, the derogation provided for by this Regulation should be limited to well-established technology that is regularly used by number-independent interpersonal communications services for the purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material. The reference to the technology includes where necessary any human review directly relating to the use of the technology and overseeing it. The use of the technology in question should therefore be common in the industry, without it necessarily being required that all providers use the technology and without precluding the further evolution of the technology in a privacy-friendly manner. In this respect, it should be immaterial whether or not a particular provider that seeks to rely on this derogation itself already uses such technology on the date of entry into force of this Regulation. The types of technologies deployed should be the least privacy-intrusive in accordance with the state of the art in the industry. The technologies deployed must not be able to understand the content of the communications but solely be able to detect patterns of possible child sexual abuse.

Amendment  9

Proposal for a regulation

Recital 14

 

Text proposed by the Commission

Amendment

(14) In order to ensure transparency and accountability in respect of the activities undertaken pursuant to the derogation, the providers should publish reports on an annual basis on the processing falling within the scope of this Regulation, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, the numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

(14) In order to ensure transparency and accountability in respect of the activities undertaken pursuant to the derogation, the providers should publish reports on an annual basis on the processing falling within the scope of this Regulation, including on the type and volumes of data processed, number of cases of child sexual abuse identified with gender-disaggregated data, when possible, measures applied to select and improve key indicators, the numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

Amendment  10

Proposal for a regulation

Article 1 – paragraph 1

 

Text proposed by the Commission

Amendment

This Regulation lays down temporary and strictly limited rules derogating from certain obligations laid down in Directive 2002/58/EC, with the sole objective of enabling providers of number-independent interpersonal communications services to continue the use of technologies for the processing of personal and other data to the extent necessary to detect and report child sexual abuse online and remove child sexual abuse material on their services.

This Regulation lays down temporary and strictly limited rules derogating from certain obligations laid down in Directive 2002/58/EC, with the sole objective of enabling providers of number-independent interpersonal communications services to use technologies for the processing of personal data to the extent necessary and proportionate to detect and report child sexual abuse online and detect, report and remove child sexual abuse material on their services.

Amendment  11

Proposal for a regulation

Article 2 – paragraph 1 – point 2 – point a

 

Text proposed by the Commission

Amendment

(a) material constituting child pornography as defined in Article 2, point (c), of Directive 2011/93/EU of the European Parliament and of the Council;

deleted

Amendment  12

Proposal for a regulation

Article 2 – paragraph 1 – point 2 – point a a (new)

 

Text proposed by the Commission

Amendment

 

(a a) ‘solicitation’as:

 

(i) the proposal by an adult to meet a child who has not reached the age of sexual consent, for the purpose of committing any of the offences referred to in Article 3(4) and Article 5(6) of Directive 2011/93/EU;

 

(ii) an attempt to commit the offences provided for in Article 5(2) and (3) by an adult soliciting a child who has not reached the age of sexual consent to provide child pornography depicting that child.

Amendment  13

Proposal for a regulation

Article 2 – paragraph 1 – point 2 – point b

 

Text proposed by the Commission

Amendment

(b) solicitation of children for the purpose of engaging in sexual activities with a child or of producing child pornography by any of the following:

deleted

(i) luring the child by means of offering gifts or other advantages;

 

(ii) threatening the child with a negative consequence likely to have a significant impact on the child;

 

(iii) presenting the child with pornographic materials or making them available to the child .

 

Amendment  14

Proposal for a regulation

Article 2 – paragraph 1 – point 2 – point c

 

Text proposed by the Commission

Amendment

(c) ‘pornographic performance’ as defined in Article 2(e) of Directive 2011/93/EU.

(c) ‘pornographic performance’ as defined in Article 2(e) of Directive 2011/93/EU, including revenge porn.

Amendment  15

Proposal for a regulation

Article 2 – paragraph 1 – point 2 – point c a (new)

 

Text proposed by the Commission

Amendment

 

(c a) ‘sex extortion’

Amendment  16

Proposal for a regulation

Article 2 – paragraph 1 – point 2 a (new)

 

Text proposed by the Commission

Amendment

 

(2 a) ‘child’means any person below the age of sexual consent;

Amendment  17

Proposal for a regulation

Article 2 – paragraph 1 – point 2 b (new)

 

Text proposed by the Commission

Amendment

 

(2 b) ‘child sexual abuse material’ means:

 

(a) material constituting child pornography as defined in Article 2, point (c), of Directive 2011/93/EU of the European Parliament and of the Council;

 

(b) material constituting ‘child prostitution’ as defined in Article 2, point (d), of Directive 2011/93/EU of the European Parliament and of the Council.

Amendment  18

Proposal for a regulation

Article 3 – paragraph 1 – introductory part

 

Text proposed by the Commission

Amendment

The specific obligations set out in Article 5(1) and Article 6 of Directive 2002/58/EC shall not apply to the processing of personal and other data in connection with the provision of number-independent interpersonal communications services strictly necessary for the use of technology for the sole purpose of removing child sexual abuse material and detecting or reporting child sexual abuse online to law enforcement authorities and to organisations acting in the public interest against child sexual abuse, provided that:

The specific obligations set out in Article 5(1) and Article 6 of Directive 2002/58/EC shall not apply to the processing of personal data in connection with the provision of number-independent interpersonal communications services strictly necessary for the use of technology for the sole purpose of detecting and removing child sexual abuse material and detecting child sexual abuse online or reporting both to law enforcement authorities and to organisations acting in the public interest against child sexual abuse, provided that:

Amendment  19

Proposal for a regulation

Article 3 – paragraph 1 – point a

 

Text proposed by the Commission

Amendment

(a) the processing is proportionate and limited to well-established technologies regularly used by providers of number-independent interpersonal communications services for that purpose before the entry into force of this Regulation, and that are in accordance with the state of the art used in the industry and are the least privacy-intrusive;

(a) the processing is proportionate and limited to well-established technologies regularly used by providers of number-independent interpersonal communications services for that purpose, and that are in accordance with the state of the art used in the industry and are the least privacy-intrusive;

Amendment  20

Proposal for a regulation

Article 3 – paragraph 1 – point d

 

Text proposed by the Commission

Amendment

(d) the processing is limited to what is strictly necessary for the purpose of detection and reporting of child sexual abuse online and removal of child sexual abuse material and, unless child sexual abuse online has been detected and confirmed as such, is erased immediately;

(d) the processing is limited to what is strictly necessary for the purpose of detection and reporting of child sexual abuse online and detection, reporting and removal of child sexual abuse material and. Where no child sexual abuse online has been detected and confirmed as such, the relevant data shall be retained solely for the following purpose and only for the time period necessary:

Amendment  21

Proposal for a regulation

Article 3 – paragraph 1 – point d – indent 1 (new)

 

Text proposed by the Commission

Amendment

 

- for its reporting and to respond to proportionate requests by law enforcement and other relevant public authorities;

Amendment  22

Proposal for a regulation

Article 3 – paragraph 1 – point d – indent 2 (new)

 

Text proposed by the Commission

Amendment

 

- for the blocking of the concerned user’s account;

Amendment  23

Proposal for a regulation

Article 3 – paragraph 1 – point d – indent 3 (new)

 

Text proposed by the Commission

Amendment

 

- in relation to data reliably identified as child pornography, for the creation of a unique, non-reconvertible digital signature (‘hash’);

Amendment  24

Proposal for a regulation

Article 3 – paragraph 1 – point d – indent 4 (new)

 

Text proposed by the Commission

Amendment

 

- for proceedings of administrative or judicial review or remedy.

Amendment  25

Proposal for a regulation

Article 3 – paragraph 1 – point e

 

Text proposed by the Commission

Amendment

(e) the provider annually publishes a report on its related processing, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

(e) the provider annually publishes a report on its related processing, including on the type and volumes of data processed, number of cases of child sexual abuse and child sexual abuse material identified, reported and removed, showing gender disaggregated data, when possible, measures applied to select and improve key indicators, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied.

Amendment  26

Proposal for a regulation

Article 3 – paragraph 2

 

Text proposed by the Commission

Amendment

As regards point (d), where child sexual abuse online has been detected and confirmed as such, the relevant data may be retained solely for the following purposes and only for the time period necessary:

deleted

— for its reporting and to respond to proportionate requests by law enforcement and other relevant public authorities;

 

— for the blocking of the concerned user’s account;

 

— in relation to data reliably identified as child pornography, for the creation of a unique, non-reconvertible digital signature (‘hash’).

 

Justification

Moved up to (d)

 

 



 

PROCEDURE – COMMITTEE ASKED FOR OPINION

Title

Temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

References

COM(2020)0568 – C9-0288/2020 – 2020/0259(COD)

Date submitted to Parliament

10.9.2020

 

 

 

Committee responsible

 Date announced in plenary

LIBE

17.9.2020

 

 

 

Committees asked for opinions

 Date announced in plenary

ITRE

17.9.2020

IMCO

17.9.2020

CULT

17.9.2020

FEMM

17.9.2020

Not delivering opinions

 Date of decision

ITRE

15.10.2020

IMCO

27.10.2020

CULT

1.10.2020

 

Rapporteurs

 Date appointed

Birgit Sippel

21.9.2020

 

 

 

Discussed in committee

24.9.2020

16.11.2020

7.12.2020

 

Date adopted

7.12.2020

 

 

 

Result of final vote

+:

–:

0:

53

9

2

Members present for the final vote

Magdalena Adamowicz, Konstantinos Arvanitis, Malik Azmani, Katarina Barley, Pernando Barrena Arza, Pietro Bartolo, Nicolas Bay, Vladimír Bilčík, Vasile Blaga, Ioan-Rareş Bogdan, Patrick Breyer, Saskia Bricmont, Jorge Buxadé Villalba, Damien Carême, Anna Júlia Donáth, Lena Düpont, Cornelia Ernst, Nicolaus Fest, Jean-Paul Garraud, Maria Grapini, Sylvie Guillaume, Andrzej Halicki, Evin Incir, Sophia in ‘t Veld, Patryk Jaki, Lívia Járóka, Marina Kaljurand, Assita Kanko, Fabienne Keller, Peter Kofod, Łukasz Kohut, Moritz Körner, Alice Kuhnke, Jeroen Lenaers, Juan Fernando López Aguilar, Nuno Melo, Roberta Metsola, Nadine Morano, Javier Moreno Sánchez, Maite Pagazaurtundúa, Nicola Procaccini, Emil Radev, Paulo Rangel, Ralf Seekatz, Michal Šimečka, Birgit Sippel, Martin Sonneborn, Tineke Strik, Ramona Strugariu, Annalisa Tardino, Tomas Tobé, Dragoş Tudorache, Milan Uhrík, Tom Vandendriessche, Bettina Vollath, Javier Zarzalejos

Substitutes present for the final vote

Delara Burkhardt, Andor Deli, Leopoldo López Gil, Kostas Papadakis, Anne-Sophie Pelletier, Rob Rooken, Domènec Ruiz Devesa, Hilde Vautmans, Petar Vitanov

 


FINAL VOTE BY ROLL CALL IN COMMITTEE ASKED FOR OPINION

27

+

ECR

Andżelika Anna Możdżanowska, Jessica Stegrud

GUE/NGL

Elena Kountoura

ID

Simona Baldassarre, Annika Bruna, Isabella Tovaglieri

Renew

Radka Maxová, Samira Rafaela, María Soraya Rodríguez Ramos, Hilde Vautmans, Chrysoula Zacharopoulou

PPE

Lena Düpont, Rosa Estaràs Ferragut, Frances Fitzgerald, Cindy Franssen, Lívia Járóka, Arba Kokalari, Elżbieta Katarzyna Łukacijewska, Sirpa Pietikäinen, Elissavet Vozemberg‑Vrionidi,

S&D

Robert Biedroń, Vilija Blinkevičiūtė, Heléne Fritzon, Lina Gálvez Muñoz, Pina Picierno, Evelyn Regner, Vera Tax

 

4

-

Verts/ALE

Alice Kuhnke, Diana Riba i Giner, Sylwia Spurek, Ernest Urtasun

 

3

0

ECR

Margarita de la Pisa Carrión

GUE/NGL

Silvia Modig

ID

Christine Anderson

 

Key to symbols:

+ : in favour

- : against

0 : abstention

 

 

 

 

 

 


 

 

 


 

ANNEX: LIST OF ENTITIES OR PERSONS FROM WHOM THE RAPPORTEUR HAS RECEIVED INPUT

- Access Now

- Australian eSafety Commissioner

- Bundesrechtsanwaltskammer (BRAK)

- Canadian Centre for Child Protection

- cdt - Center for Democracy & Technology 

- eco - Association of the Internet Industry

- EDPS

- EDRI 

- Facebook

- Fundamental Rights Agency

- Improving the digital environment for children (regrouping several child protection NGOs across the EU and beyond, including Missing Children Europe, Child Focus)

- INHOPE – the International Association of Internet Hotlines

- International Justice Mission Deutschland e.V./ We Protect

- Internet Watch Foundation

- Internet Society

- Match Group

- Microsoft

- Thorn (Ashton Kutcher)

- UNICEF

- UN Special Rapporteur on the right to privacy

- World Childhood Foundation Deutschland

 


PROCEDURE – COMMITTEE RESPONSIBLE

Title

Temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting child sexual abuse online

References

COM(2020)0568 – C9-0288/2020 – 2020/0259(COD)

Date submitted to Parliament

10.9.2020

 

 

 

Committee responsible

 Date announced in plenary

LIBE

17.9.2020

 

 

 

Committees asked for opinions

 Date announced in plenary

ITRE

17.9.2020

IMCO

17.9.2020

CULT

17.9.2020

FEMM

17.9.2020

Not delivering opinions

 Date of decision

ITRE

15.10.2020

IMCO

27.10.2020

CULT

1.10.2020

 

Rapporteurs

 Date appointed

Birgit Sippel

21.9.2020

 

 

 

Discussed in committee

24.9.2020

16.11.2020

7.12.2020

 

Date adopted

7.12.2020

 

 

 

Result of final vote

+:

–:

0:

53

9

2

Members present for the final vote

Magdalena Adamowicz, Konstantinos Arvanitis, Malik Azmani, Katarina Barley, Pernando Barrena Arza, Pietro Bartolo, Nicolas Bay, Vladimír Bilčík, Vasile Blaga, Ioan-Rareş Bogdan, Patrick Breyer, Saskia Bricmont, Jorge Buxadé Villalba, Damien Carême, Anna Júlia Donáth, Lena Düpont, Cornelia Ernst, Nicolaus Fest, Jean-Paul Garraud, Maria Grapini, Sylvie Guillaume, Andrzej Halicki, Evin Incir, Sophia in ‘t Veld, Patryk Jaki, Lívia Járóka, Marina Kaljurand, Assita Kanko, Fabienne Keller, Peter Kofod, Łukasz Kohut, Moritz Körner, Alice Kuhnke, Jeroen Lenaers, Juan Fernando López Aguilar, Nuno Melo, Roberta Metsola, Nadine Morano, Javier Moreno Sánchez, Maite Pagazaurtundúa, Nicola Procaccini, Emil Radev, Paulo Rangel, Ralf Seekatz, Michal Šimečka, Birgit Sippel, Martin Sonneborn, Tineke Strik, Ramona Strugariu, Annalisa Tardino, Tomas Tobé, Dragoş Tudorache, Milan Uhrík, Tom Vandendriessche, Bettina Vollath, Javier Zarzalejos

Substitutes present for the final vote

Delara Burkhardt, Andor Deli, Leopoldo López Gil, Kostas Papadakis, Anne-Sophie Pelletier, Rob Rooken, Domènec Ruiz Devesa, Hilde Vautmans, Petar Vitanov

Date tabled

11.12.2020

 


 

FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

53

+

EPP

Magdalena ADAMOWICZ, Vladimír BILČÍK, Vasile BLAGA, Ioan-Rareş BOGDAN, Andor DELI, Lena DÜPONT, Andrzej HALICKI, Lívia JÁRÓKA, Jeroen LENAERS, Leopoldo LÓPEZ GIL, Nuno MELO, Roberta METSOLA, Nadine MORANO, Emil RADEV, Paulo RANGEL, Ralf SEEKATZ, Tomas TOBÉ, Javier ZARZALEJOS

S&D

Katarina BARLEY, Pietro BARTOLO, Delara BURKHARDT, Maria GRAPINI, Sylvie GUILLAUME, Evin INCIR, Marina KALJURAND, Łukasz KOHUT, Juan Fernando LÓPEZ AGUILAR, Javier MORENO SÁNCHEZ, Domènec RUIZ DEVESA, Birgit SIPPEL, Petar VITANOV, Bettina VOLLATH

RENEW

Malik AZMANI, Anna Júlia DONÁTH, Sophia in 't VELD, Fabienne KELLER, Moritz KÖRNER, Maite PAGAZAURTUNDÚA, Michal ŠIMEČKA, Ramona STRUGARIU, Hilde VAUTMANS

ID

Nicolas BAY, Nicolaus FEST, Jean-Paul GARRAUD, Peter KOFOD, Annalisa TARDINO, Tom VANDENDRIESSCHE

GREENS/EFA

Alice KUHNKE

ECR

Jorge BUXADÉ VILLALBA, Patryk JAKI, Assita KANKO, Nicola PROCACCINI

NI

Martin SONNEBORN

 

9

-

GREENS/EFA

Patrick BREYER, Saskia BRICMONT, Damien CARÊME, Tineke STRIK

EUL/NGL

Konstantinos ARVANITIS, Pernando BARRENA ARZA, Cornelia ERNST, Anne-Sophie PELLETIER

NI

Kostas PAPADAKIS

 

2

0

ECR

Rob ROOKEN

NI

Milan UHRÍK

 

Key to symbols:

+ : in favour

- : against

0 : abstention

 

 

Last updated: 11 December 2020
Legal notice - Privacy policy