The European Commission yesterday proposed new EU legislation to prevent and combat child sexual abuse online which is pervasive, noting that 85 million pictures and videos depicting child sexual abuse were reported worldwide in 2021 alone, and many more going unreported.
"The sheer amount of child sexual abuse material circulating on the web is dumbfounding. And shamefully, Europe is the global hub for most of this material. So it is really very much a question of if we do not act then who will? The rules we are proposing set clear, targeted and proportionate obligations for service providers to detect and remove illegal child sexual abuse content. What services will be allowed to do will be very tightly ring-fenced with strong safeguards in place – we are only talking about a programme scanning for markers of illegal content in the same way cybersecurity programmes run constant checks for security breaches.” said Margaritis Schinas, Vice-President for Promoting our European Way of Life.
The COVID-19 pandemic has exacerbated the issue, with the Internet Watch foundation noting a 64% increase in reports of confirmed child sexual abuse in 2021 compared to the previous year. The current system based on voluntary detection and reporting by companies has proven to be insufficient to adequately protect children and, in any case, will no longer be possible once the interim solution currently in place expires. Up to 95% of all reports of child sexual abuse received in 2020 came from one company, despite clear evidence that the problem does not only exist on one platform.
To effectively address the misuse of online services for the purposes of child sexual abuse, clear rules are needed, with robust conditions and safeguards. The proposed rules will oblige providers to detect, report and remove child sexual abuse material on their services. Providers will need to assess and mitigate the risk of misuse of their services and the measures taken must be proportionate to that risk and subject to robust conditions and safeguards.
A new independent EU Centre on Child Sexual Abuse (EU Centre) will facilitate the efforts of service providers by acting as a hub of expertise, providing reliable information on identified material, receiving and analysing reports from providers to identify erroneous reports and prevent them from reaching law enforcement, swiftly forwarding relevant reports for law enforcement action and by providing support to victims.
The new rules will help rescue children from further abuse, prevent material from reappearing online, and bring offenders to justice. Those rules will include:
- Mandatory risk assessment and risk mitigation measures: Providers of hosting or interpersonal communication services will have to assess the risk that their services are misused to disseminate child sexual abuse material or for the solicitation of children, known as grooming. Providers will also have to propose risk mitigation measures.
- Targeted detection obligations, based on a detection order: Member States will need to designate national authorities in charge of reviewing the risk assessment. Where such authorities determine that a significant risk remains, they can ask a court or an independent national authority to issue a detection order for known or new child sexual abuse material or grooming. Detection orders are limited in time, targeting a specific type of content on a specific service.
- Strong safeguards on detection: Companies having received a detection order will only be able to detect content using indicators of child sexual abuse verified and provided by the EU Centre. Detection technologies must only be used for the purpose of detecting child sexual abuse. Providers will have to deploy technologies that are the least privacy-intrusive in accordance with the state of the art in the industry, and that limit the error rate of false positives to the maximum extent possible.
- Clear reporting obligations: Providers that have detected online child sexual abuse will have to report it to the EU Centre.
- Effective removal: National authorities can issue removal orders if the child sexual abuse material is not swiftly taken down. Internet access providers will also be required to disable access to images and videos that cannot be taken down, e.g., because they are hosted outside the EU in non-cooperative jurisdictions.
- Reducing exposure to grooming: The rules require app stores to ensure that children cannot download apps that may expose them to a high risk of solicitation of children.
- Solid oversight mechanisms and judicial redress: Detection orders will be issued by courts or independent national authorities. To minimise the risk of erroneous detection and reporting, the EU Centre will verify reports of potential online child sexual abuse made by providers before sharing them with law enforcement authorities and Europol. Both providers and users will have the right to challenge any measure affecting them in Court.
The new EU Centre will support:
- Online service providers, in particular in complying with their new obligations to carry out risk assessments, detect, report, remove and disable access to child sexual abuse online, by providing indicators to detect child sexual abuse and receiving the reports from the providers;
- National law enforcement and Europol, by reviewing the reports from the providers to ensure that they are not submitted in error, and channeling them quickly to law enforcement. This will help rescue children from situations of abuse and bring perpetrators to justice.
- Member States, by serving as a knowledge hub for best practices on prevention and assistance to victims, fostering an evidence-based approach.
- Victims, by helping them to take down the materials depicting their abuse.