EU plan to fight online child sexual abuse raises privacy concerns

Policymakers have long wrestled with tech giants over the potential abuse of encrypted messaging services such as WhatsApp and iMessage.

Chesnot | Getty Images

The European Union on Wednesday unveiled tough new proposals that would require online platforms to more aggressively screen and remove child abuse online.

Proposed legislation would allow EU countries to ask courts to order companies like Facebook parent company Meta and Apple to implement systems that can detect child sexual abuse material on their platforms.

A new EU Centre on Child Sexual Abuse will be established to enforce the measures. The EU Centre will maintain a database with digital “indicators” of child sexual abuse content reported by law enforcement. It’s similar to a system that was proposed by Apple last year.

“We are failing to protect children today,” Ylva Johansson, the EU commissioner for home affairs, said at a press conference Wednesday.

She called the plan a “groundbreaking proposal” that would make Europe a global leader in the fight against child sexual abuse online.

It comes after the EU last month agreed on landmark rules requiring tech firms to more rapidly take down hate speech and other illegal content from their platforms.

Privacy ‘disaster’

Privacy activists fear the new EU bill may undermine end-to-end encryption, which scrambles messages in such a way that they can only be viewed by the intended recipient.

The proposal is “incompatible with end-to-end encryption and with basic privacy rights,” said Joe Mullin, senior policy analyst at the digital rights group Electronic Frontier Foundation.

“There’s no way to do what the EU proposal seeks to do, other than for governments to read and scan user messages on a massive scale,” Mullin said. “If it becomes law, the proposal would be a disaster for user privacy not just in the EU but throughout the world.”

Policymakers on either side of the Atlantic have long wrestled with tech giants over the potential abuse of encrypted messaging services such as WhatsApp and iMessage. Several governments are calling for so-called “backdoors,” which would allow them to bypass privacy controls.

“We look forward to working with the EU to inform the legislative process on how we ensure the safety of children, both offline and online,” a spokesperson for Meta told CNBC.

“It’s important that any measures adopted do not undermine end-to-end encryption which protects the safety and privacy of billions of people, including children.”

‘Technologically neutral’

While Brussels said the proposed obligations are “technologically neutral,” it warned the consequences of leaving end-to-end encryption out of the requirements would be “severe” for children.

The U.S. National Center for Missing & Exploited Children estimates that over half of its child exploitation reports will disappear with end-to-end encryption, leaving abuse undetected.

But privacy activists believe measures to erode encrypted communications would be ineffective.

“Criminals are already using distribution channels that would not be affected by these scans and will easily escape scans in the future,” Linus Neumann of the German hacker collective Chaos Computer Club, told CNBC.

However, advocates of the bill say it’s a necessary step toward eradicating child abuse on the internet.

The Brave Movement, an organization campaigning for child safety, said the laws would “ensure the safety of children, adolescents and future generations.”

“In the EU, digital spaces are in some cases completely unregulated – exposing children to the threat of horrific sexual violence and exploitation,” said Wibke Müller, co-founder of the Brave Movement, in a statement.

Müller, a survivor of child sexual abuse herself, said tech companies already “have the tools to detect and remove online sexual violence materials” and should “prioritize child safety ahead of anything else.”