Detection orders are the focus of several informal documents, distributed during this week’s technical meetings in the European Parliament about the draft law to prevent online child sexual abuse.
The proposed regulation aims to prevent and combat online child sexual abuse material (CSAM), making it a requirement for digital platforms in the EU to detect and report such material. Most changes in the newest documents about the legislation regard detection orders, and, in connection to that, voluntary and mandatory measures.
Detection orders
Detection orders would be issued to give the green light to the detection of CSAM on platforms. Regarding these orders, the rapporteur’s opinion seems to remain that it should be a last resort, only issued by competent judicial authorities.
According to Javier Zarzalejos, the definition of CSAM should still include all three types of material, namely known, unknown, and grooming. Known refers to materials already spread on the internet, while unknown refers to those that have not been detected yet.
However, most changes added in the documents distributed this week, in the case of detection orders were based on previous suggestions by the European Parliament’s Committee on Internal Market and Consumer Protection, which is leading the file.
Detection orders have to include targeted and proportionate information, “the identifiable part or component of the service or the individual users or the specific group of users concerned.” The application period of the orders also has to be proportionate.
The Coordinating Authority should only issue detection orders when there is evidence of a “significant risk” that the service is used for child sexual abuse or the service provider’s mitigation measures have “insufficient material impact on limiting the identified risk.”
The section also includes that detection orders are “necessary and proportionate” and that they should be issued “without jeopardising the security of communications.”
Services that do not directly target children below the age of thirteen “may allow users to revert” mitigation measures “on an individual level.”
Age verification would also be made mandatory on porn sites, while for other providers, this criterion would not be mandatory anymore.
Voluntary vs. mandatory measures
An informal legal opinion, also seen by EURACTIV, has been given by Lazian Theo, Member of the Legal Service of the European Parliament, at the request of the CSAM file’s rapporteur.
According to the document, Renew Europe proposed the introduction of voluntary measures based on the interim regulation, which is in place until 3 August 2024, while the rapporteur introduced voluntary detection orders based on the detection orders seen in the new regulation. This is what the Legal Service was asked to give its opinion on.
Some services and platforms already implement voluntary detection orders when it comes to CSAM, following the interim regulation. It seems, however, that the new regulation’s measures are decided to be “necessary and proportionate” which would make them mandatory.
Having both voluntary measures and a framework for mandatory detection orders “would be at odds with the main purpose of the proposal which is to set up a clear and uniform framework.”
Moreover, two different legal bases for voluntary and mandatory measures could “undermine the protection of the fundamental rights at stake.”
Yet, voluntary measures might still be useful to “ensure a smooth transition” between the interim regulation’s voluntary regime, and the new regulation’s mandatory regime. EURACTIV has learned that voluntary measures will be eventually phased out with a possible transition period.
According to the informal legal opinion of the Legal Service, one of the options is to introduce the provisions in the new regulation which would let providers use the voluntary measures as they are in the interim regulation until the new one is implemented. The provisions should have the same legal framework (for example, have the same scope).
The other option is for the new regulation to directly amend the relevant article of the interim regulation so that its application can be extended “until the date of effective application of the new Regulation, i.e. six months after its entry into force.” In this case, the new regulation must enter into force on 3 August 2024, “otherwise, the Interim Regulation will expire before the modification will have entered into force.”
In any case, the document reminds that the transitional measures “will apply at the date of the entering into force of the new Regulation and not six months after, as it is currently drafted.”
According to a draft compromise amendment, which was also seen by EURACTIV, providers of software application stores have to indicate that the software app “does not permit its use by children or that the software application has an age rating model in place.” Moreover, when apps are only accessible with parental consent, they should make sure to verify that parental consent has been given.
Regarding this, the Commission can issue guidelines, “in cooperation with Coordinating Authorities and the EU Centre and after having consulted the European Data Protection Board and after having conducted a public consultation.”
EURACTIV has also learned that the technical meetings put more focus on the role of the planned EU Centre, a new central hub of expertise to help fight CSAM.
[Edited by Alice Taylor]
Source: Euractiv.com








Leave a comment