Home News > CSAM – The balance between privacy and child protection

CSAM – The balance between privacy and child protection

Children’s sustained development is a crucial prerogative for a safe and sound future of Europe.

Article 3(3) TEU establishes the objective for the EU to protect and promote the rights of the child (1). Moreover, the EU Charter of Fundamental Rights explicitly establishes an obligation to protect children’s best interests (2). To that end, the fight against child sexual abuse, and children’s rights online, are both priorities on the EU legislative agenda, as confirmed in the 2020 EU strategy (3). This interest unfolds against the background of increasing reports of online child abuse and calls from civil society and children’s rights advocates for more stringent regulation (4). Companies have already taken voluntary steps to address these dangers, partnering with experts and investing in research and development of technologies to identify the indicators of child exploitation online more accurately (5).

On 11 May 2022, the Commission made its proposal for a Regulation laying down rules to prevent and combat online child sexual abuse. (6) The Regulation introduces new detection, monitoring, and reporting obligations for online service providers in relation to child sexual abuse material. Despite its honourable objective, the proposal has become a strong point of contention among political actors and civil society alike, given its severely privacy-intrusive nature. As such, the Commission’s proposal requires providers of hosting and/or interpersonal communication services that have received a detection order to detect the dissemination of child sexual abuse material (7).

The proposal was harshly criticised by both the Parliament and the Council, for failing to sufficiently consider the interference with the right to privacy and the right to data protection that screening of all communications entails. As argued by the Legal Service of the Council, the detection obligation may entail generalised screening of metadata and communications. This is especially contentious, given the CJEU’s jurisprudence, whereas Case C-293/12 Digital Rights Ireland prohibits generalised access to the content of electronic communications (8). According to that ruling, widespread acquisition and retention of data on the content of electronic communications of private users amounts to a grave interference with the right to privacy, that is bound to adversely affect the essence of that right (9). Moreover, such access would entail a de facto weakening, if not prohibition, of end-to-end encryption and other cybersecurity measures.

In the European Parliament, the amendments proposed by the LIBE committee expand the scope of the proposed legislative act to include online search engines (10). Moreover, they explicitly prohibit the weakening of end-to-end encryption and call for detection orders as a last resort measure, introducing targeted monitoring obligations to avoid generalised monitoring (11). However, even  targeted monitoring represents a serious interference with the right to privacy, which therefore requires a careful balancing of the interests involved.

Given the contentious nature of this proposal, its adoption has been long delayed, as its fine details are still the subject of strong debates between the various stakeholders and institutions. However, it appears that the legislative process has been reignited, following the European Parliament’s agreement to the draft in late 2023. At Spark, we are closely monitoring the progress of this legislative proposal, as well as carefully assessing the ultimate balance that is being struck between privacy and children’s rights. As such, we look forward to the final version of this proposal!

Subscribe to our newsletter

Our newsletter contains information about Spark’s finalised and ongoing projects, activities and conferences we attend. In the newsletter we may also send you advertising information about services we offer. You can withdraw your consent to receive our newsletter at any time. For details, please consult our Privacy Policy.

We use MailChimp as our marketing platform. By subscribing, you aknowledge that your information will be transferred toMailChimp for processing. Learn more about MailChimp's privacy practices.