time is running out…..

There is 7 days to go until the ePrivacy regulation comes into force in the EU.  It actually passed in 2018 but member countries were given 2 years to prepare and so it “goes live” on 20th of December 2020.  [1] A temporary derogation applied for by the Commision has passed committe stage and now must get a reading in the plenary before being the subject of a trilogue. Is all this possible in 7 days?

Because it’s a regulation rather than a directive, it effectively supersedes existing law in member countries and therefore any laws passed locally since 2002 to meet the ePrivacy directive are effectively repealed.

The regulation, aimed at companies providing communication services in the EU, seeks to guarantee privacy through ensuring no interference or tracking of communications for marketing or other purposes.

One of the key unintended consequences of this regulation is that voluntary actions by the same companies to find, remove and report Child Sexual Abuse Material (CSAM) or Grooming activities on their networks will stop because companies cannot risk that they will be seen as illegal.

These voluntary actions are hard fought chips in the self-regulation wall that activists and advocates, even within the companies themselves, have achieved.  Stopping them in this manner is ridiculous and reduces the safeguarding opportunities for children being actively harmed.  Companies scan for CSAM with advanced technologies to ensure the privacy of their users in the same way they find, remove and report SPAM and malware.  Comparisons to someone at the post office opening every letter “IRL” are facetious and unhelpful.

Child abuse communication, whether grooming or CSAM, universally happens in private and the only people who know about it are the child and the abuser.  When the abuser shares the material there is an increased chance that it will be found, removed and reported to the police who can then take action to make the child safe.  There are very few other ways for people to find out about the abuse and help the child.

In an effort to avoid this unintended consequence the EU Commission has put a temporary derogation before EU lawmakers to stay just two articles within the regulation that will allow the voluntary actions to continue in the area of child abuse online only until they can get the law needed in place.  This temporary derogation has passed the committee stage and now will get its first reading in the EU Parliament then move into a formal “trilogue” or interinstitutional talks. 

The question is when?  The EU Parliament meets next week in plenary.  Will they do the first reading then?  When will the Trilogue meeting take place?  How long will it take?  Will they have this finalised and passed (without too much dilution) by 20th of December? 

I certainly hope so.

Here is what you can do:

Sign the petition

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.


[1] It’s full name is actually “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)” and it repeals the ePrivacy Directive of 2002.  

children’s rights always second to ideology and profit

We all know the damage sexual abuse does to children.  This is self-evident.  We also know that from a victim perspective to have been abused is one thing but to have images or movies of that abuse circulated online is quite another and an extra burden to carry through life.  Grooming too is an abhorrent crime that abuses trust, love, and confidence in other human beings and becomes something that stops a child’s development and sets it off on another path, mostly negitive. Both of these crimes have been hugely amplified by ICT and technology in general.  As Mary Aiken said “Human behaviour is often amplified and accelerated online, by what I believe to be an almost predictable mathematical multiplier, a “cyber effect”, arguably the E = mc2 of this century.”[1] 

Some companies take voluntary action on their networks to find, report and remove Child Sexual Abuse Material and Grooming activity.  What they find is staggering.  They scan using strong algorithms, hash and other signatures and false positives are possible but rare – just like SPAM, virus or malware scanning. When they find something they are oblidged to report it (in the USA).  

However, all this voluntary action is threatened by the fact that the EU Parliament and more specifically the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) is considering whether to allow a derogation to certain provisions of the ePrivacy Directive due to come into force on the 21st of December.  The temporary derogation has been applied for by the European Commission to allow them to propose a more permanent solution via legislation in Q4 2021. 

If this derogation fails to go through or is watered down in a wishy-washy way it will have a significant impact on the ability of law enforcement and civil society to fight online child sexual abuse and once again we will see that children’s rights are sacrificed on the twin altars of ideology and profit. 

I will post some more short explanatory posts on this issue in the coming days but in the meantime you can act by contacting your MEPs, your local reps and by signing the petition placed here by the NCMEC.  If this derogation fails, we all fail.

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

Read the excellent analysis of John Carr in his blog here, here and here


[1] Big Ideas in Cyberspace – Mary Aiken retrieved 23/11/20 https://www.eib.org/attachments/eib_big_ideas_life_in_cyberspace_en.pdf