IWF joins coalition of charities raising concerns over the European Commission’s E-Privacy Directive

The Internet Watch Foundation (IWF) has recently joined a campaign along with the Children’s Charities Coalition on Internet Safety, to raise concerns about the European Commission’s proposed legislation on E-Privacy. This is important to us because, if it’s enshrined in law, it will potentially have a direct impact on the tech companies’ ability to scan their networks for child sexual abuse images and videos, together with other forms of illegal content online.

What’s the issue?

Under Article 5 of the proposed E-Privacy legislation, people would have much more control over their personal data. It’s been a similar debate with the recent introduction of the European Commission’s GDPR legislation. Of course, this is a principle that the IWF supports, as we do believe that people should have the same freedoms online that they do offline and the ability to control how their data is used online. However, as currently drafted, Article 5 proposes that in order for tech companies to scan their networks for known child sexual abuse content, this would require the consent of the end user (for example, the person receiving an email or message). Essentially this means that unless a paedophile agreed to the tech platform that they were using to exchange images on to scan their communications - which they would be extremely unlikely to agree to, if they are exchanging illegal images -, technology companies would no longer be able to do what the Home Secretary called on them to do in his recent speech about keeping children safe online.

Article 11 of the legislation would enable Member States such as the UK to opt out of the new E-Privacy laws, if this would be for a law enforcement function, such as child sexual abuse images being exchanged and where they already have strong national legal frameworks for dealing with such issues. This, however, should not be the point. The European Commission should be seeking to legislate in a way that enables all Members States and tech companies, who it should be remembered operate globally, to monitor their networks to detect abuse, safeguard users from stumbling across illegal content and bring to justice those who do abuse technical networks to abuse children.

What is IWF calling for?

We are calling on the European Commission to follow the same principles to implement the E-Privacy legislation that have been followed with the implementation of GDPR, in the same way that previous E-Privacy legislation has been updated accordingly with previous data protection legislation.

We believe that there are currently three principles from GDPR missing from Article 6 of e-privacy legislation:

• Processing is necessary for compliance with a legal obligation to which the controller is the subject; 
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or vested in the controller.

These principles should be applied for both content and metadata. The Commission may also be able to consider whether an exemption could be created for “abusive use” of a platform or service, which would help tech companies with material that is harmful but does not meet the “vital interest” threshold or necessarily considered as illegal.

It is important to remember that we all recognise the importance of an individuals right to privacy online, but as the Home Secretary Sajid Javid said just a couple of weeks ago, the scale of threat towards children online is changing and evolving. Legislators in the UK and the EU must give tech companies all the tools at their disposal to stop the spread of this abhorrent material online. These amendments would enable them to do so.