Should I consider specialising in personal injury law as a career?
July 30, 2024Event Summary: The burden of being the only one in the room
August 1, 2024Article by Reva Naidu
Introduction
The EU’s ‘Chat Control’ Legislation refers to a proposal for a regulation of the European Parliament and Council, laying down rules to prevent and combat child sexual abuse, first put forward in 2022. It has failed to pass for a fourth time in the European Union Council and has faced opposition from organisations such as the Electronic Frontier Foundation, ICCL Ireland, DigitalCourage Germany, and CDTEurope, amongst others. This article dives into the context, purpose, and proposed steps of this regulation and why it has been drastically unpopular, with governments and citizens alike.
Context and Purpose
The goal of the proposal is to provide a uniform and transparent legal framework for stopping and combatting child sexual abuse and grooming over the internet. By striking a balance between the rights of children, other digital users, and internet service providers, it aims to give providers legal certainty regarding their obligations to assess and mitigate risks. It also equips these providers with the ability to detect, report, and remove such abuse on their services when necessary, in a manner consistent with the fundamental rights outlined in the European Union Charter and as general principles of EU law.
The proposal emerged as a part of the EU’s 2020 Strategy for a More Effective Fight Against Child Sexual Abuse, and its 2021 Strategy for the Rights of the Child, both of which stemmed from a survey by The Economist that found half the children surveyed to have faced sexual abuse online. The proposal has been given a legal basis by The United Nations Convention on the Rights of the Child and Article 24(2) of the EU Charter, which protects children’s best interests and well-being. Article 114 TFEU was also used by proposers to strengthen its legal foundation.
Steps Proposed and Reasoning
Through the bulk scanning of all digital messaging, including encrypted communication, for signs of child sexual abuse (CSA), the plan seeks to accomplish the aforementioned objectives. All correspondence, including messages, photographs, and links would be scanned, and service providers like Telegram, Signal, and WhatsApp having to install ‘vetting technology’ for this purpose. Personal storage software, like Apple iCloud and Google Drive, are also covered under this legislation. It would require stringent age verification for websites that may contain harmful material, limiting access to them. Artificial Intelligence (AI) and machine learning may be one of the tools implemented through the legislation to scan for CSAM. Additionally, it includes specific requirements for some providers to identify this kind of abuse, report it to the EU Centre and, upon request, remove or prevent access to any online content that involves child sexual abuse.
The reasoning for these steps which were developed through impact assessments, is that voluntary measures by digital platforms and service providers had not been successful in combating online child sexual abuse to date. It has been suggested that only standardised regulations enforced at the Union level could effectively prevent the fragmentation of the Digital Single Market for internet services. These impact assessments also found that national legislation had caused legal fragmentation and had been inefficient at preventing digital CSAM from being produced and distributed, and thus, an EU-wide homogenised regulation was proposed.
Government Positions
The countries in support of the Chat Control Proposal were Belgium, Bulgaria, Croatia, Cyprus, Denmark, Finland, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Portugal, Romania, Slovakia, Spain, and Sweden while the only two countries were in opposition – Germany and Poland.
Estonia, Netherlands, Slovenia, the Czech Republic, and Austria abstained from taking a position, as of July 2024.
Concerns – What Opposers Say
The primary legislation; hailed as anti-democratic, has been considered a form of mass surveillance that may be against the fundamental rights of EU citizens. It is alleged that it violates users’ privacy in terms of the security of their data as users must grant permission for the vetting technology to scan and access their communication, at the risk of not being able to share any at all. Encrypted data being broken and accessible to this technology is also a major privacy and data breach. The strict age-verification may prevent teenagers and young adults from accessing messaging apps, deemed as ‘digital house arrest’. A deepening concern is the lack of transparency about the AI and machine-learning algorithms that would likely be established to undertake the scanning.
In fact, even organisations that have the sole aim of preventing CSA, such as Germany’s Federal Child Protection Association recently labelled it as ‘ineffective and disproportionate’. The United Nations, and UNICEF, have implied that breaking encrypted communication poses a risk to user’s privacy and self-expression, making them prone to identity theft and similar fraudulent activities. It also poses a threat to those that require secure and unbreachable communication lines for their profession, such as lawyers and journalists.
Patrick Breyer, a member of the EU Parliament, has been one of the strongest voices opposing the ‘Chat Control’ legislation – he encourages EU citizens to sign petitions against it as he believes the legislation breaches their civil liberties. Breyer, along with other opposers of Chat Control, have suggested alternatives to prevent online grooming and digital CSAM by addressing the very cause of it through training, awareness campaigns, and improved funding to national and international charitable organisations fighting CSA. Other steps could be enhancing focus on digital and media literacy education for adolescents and young adults, equipping them with sufficient tools and knowledge to protect themselves online, rather than restricting their access to digital content.
Legal Implications and Considerations
Article 8 of the European Convention on Human Rights (ECHR) states: Everyone has the right to respect for his private and family life, his home and his correspondence. Thus, the ‘Chat Control’ legislation seems to be incompatible with this right. It may also threaten Article 10 – that everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
Considering precedents in case law and secondary legislation, in the landmark 2024 case Podchasov v. Russia, the European Court of Human Rights held that encryption deterioration can result in widespread, indiscriminate monitoring of all users’ communications, which is a violation of their right to private life and freedom of self-expression. Once again, the proposed regulation seems to violate existing decisions of the ECHR, weakening its legal basis.
Further Steps and Developments
Changes to the legislation have been proposed as of June 2024 and are focussed on empowering digital safety rather than blocking online access. Communication scanning would only take place with users’ consent, and professional accounts belonging to members of the military, police, and intelligence community would not have their communications and chats scanned.
Yet, these changes may not be sufficient to protect user privacy. If this primary legislation were to be passed, opposers and naysayers believe it could create a landslide of more legislation that could further threaten user privacy by allowing law enforcement agencies to access their data. This is seen from the HLG meetings scheduled for this year that aim to examine obstacles that law enforcement agencies encounter in their day-to-day operations regarding data access and possible ways to address them. The goal is to guarantee that law enforcement has the resources necessary to combat crime and improve public safety in the digital era, while upholding fundamental rights.
The Council and Parliament will consider the proposal further in October and December of this year.