time is running out…..

There is 7 days to go until the ePrivacy regulation comes into force in the EU.  It actually passed in 2018 but member countries were given 2 years to prepare and so it “goes live” on 20th of December 2020.  [1] A temporary derogation applied for by the Commision has passed committe stage and now must get a reading in the plenary before being the subject of a trilogue. Is all this possible in 7 days?

Because it’s a regulation rather than a directive, it effectively supersedes existing law in member countries and therefore any laws passed locally since 2002 to meet the ePrivacy directive are effectively repealed.

The regulation, aimed at companies providing communication services in the EU, seeks to guarantee privacy through ensuring no interference or tracking of communications for marketing or other purposes.

One of the key unintended consequences of this regulation is that voluntary actions by the same companies to find, remove and report Child Sexual Abuse Material (CSAM) or Grooming activities on their networks will stop because companies cannot risk that they will be seen as illegal.

These voluntary actions are hard fought chips in the self-regulation wall that activists and advocates, even within the companies themselves, have achieved.  Stopping them in this manner is ridiculous and reduces the safeguarding opportunities for children being actively harmed.  Companies scan for CSAM with advanced technologies to ensure the privacy of their users in the same way they find, remove and report SPAM and malware.  Comparisons to someone at the post office opening every letter “IRL” are facetious and unhelpful.

Child abuse communication, whether grooming or CSAM, universally happens in private and the only people who know about it are the child and the abuser.  When the abuser shares the material there is an increased chance that it will be found, removed and reported to the police who can then take action to make the child safe.  There are very few other ways for people to find out about the abuse and help the child.

In an effort to avoid this unintended consequence the EU Commission has put a temporary derogation before EU lawmakers to stay just two articles within the regulation that will allow the voluntary actions to continue in the area of child abuse online only until they can get the law needed in place.  This temporary derogation has passed the committee stage and now will get its first reading in the EU Parliament then move into a formal “trilogue” or interinstitutional talks. 

The question is when?  The EU Parliament meets next week in plenary.  Will they do the first reading then?  When will the Trilogue meeting take place?  How long will it take?  Will they have this finalised and passed (without too much dilution) by 20th of December? 

I certainly hope so.

Here is what you can do:

Sign the petition

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.


[1] It’s full name is actually “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)” and it repeals the ePrivacy Directive of 2002.