Insights European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) adopt Joint Opinion on EU Commission’s Proposal for a Regulation to prevent and combat child sexual abuse


The EDPB and EDPS explain that the Proposal aims to impose obligations relating to detecting, reporting, removing and blocking online child sexual abuse material (CSAM), as well as the solicitation of children, on providers of hosting services, interpersonal communication services, app stores, internet access services and other relevant services.

The EDPB and EDPS consider child sexual abuse as a particularly serious and heinous crime. Limitations to the rights to private life and data protection must, however, respect the essence of these fundamental rights and remain limited to what is strictly necessary and proportionate, they say. The EDPB and EDPS consider that the Proposal, in its current form, may present more risks to individuals, and, by extension, to society at large, than to the criminals pursued for CSAM. Whilst supporting the goals and intentions behind the Proposal, the EDPS and EDPB express serious concerns about the impact of the envisaged measures on individuals’ privacy and personal data.

In the opinion of the EDPB and the EDPS, the lack of detail, clarity and precision of the conditions for issuing a detection order for CSAM and child solicitation does not ensure that only a targeted approach to CSAM detection will result. There is a risk that the Proposal could become the basis for a generalised and indiscriminate scanning of content of virtually all types of electronic communications, they say. The EDPB and EDPS therefore advise that the conditions for issuing a detection order should be further clarified.

The EDPB and EDPS also highlight the importance of end-to-end encryption to privacy and say that preventing or discouraging the use of this technology would seriously weaken the role of encryption generally.

The EDPB and EDPS welcome the proposal for a new EU Centre and a network of Coordinating Authorities to tackle child sexual abuse issues but recommend that the relationship between the Coordinating Authorities and national data protection authorities are better regulated.

Further, the EDPB and EDPS say that instead of giving Europol direct access to all data, this should be on a case-by-case basis only, following a thorough assessment of the data access request via a secure communication tool. To read the EDPB press release in full and for a link to the Joint Opinion, click here.