EU Parliament backs extension of child abuse scanning rules amid privacy worries
The vote comes after a temporary legal regime allowing a derogation from GDPR laws expired in April
The European Parliament voted on Thursday to allow big tech companies to scan private chats, emails and uploads again in order to flag and report child abuse material.
While proponents say the law will give big tech companies legal certainty that their scans can result in criminal investigations and protect them from lawsuits, others, including Malta PL MEP Alex Agius Saliba, say it is an attack on privacy.
The vote comes after a temporary legal regime allowing a derogation from GDPR laws expired in April.
Back then, the Council of Ministers — a body consisting of the EU’s 27 member states — and the European Parliament could not agree on what amendments to include when extending the measures.
While the Council wanted to keep things as they were, the European Parliament wanted to introduce a new clause protecting end-to-end encrypted chats, such as WhatsApp, from being accessible to big tech companies.
It is now in the Council’s hands whether to accept that proposal or continue opposing the amendment.
However, a large group in the European Parliament opposes the temporary law, saying it gives big tech companies such as Meta and TikTok too much power.
Among Alex Agius Saliba's concerns is the provision allowing companies to carry out 'voluntary scanning'.MEP Alex Agius Saliba, who is the Socialist political group’s lead negotiator in Parliament on the EU directive that should eventually set permanent laws on the matter, is one of the temporary law’s opponents.
Among his concerns is the provision allowing companies to carry out “voluntary scanning”.
That provision means companies can choose to scan their users indiscriminately, using AI and other technology to analyse text, photos, videos and other data.
“That provision is not proportionate. Can you imagine scanning everyone’s private conversations in order to solve a single crime?” he said.
Agius Saliba added that the temporary provision also carries no safeguards against big tech companies using their scanning powers for purposes other than detecting child sexual abuse material (CSAM).
Another argument he put forward was that introducing the temporary provision would mean less enthusiasm across the EU to agree on and implement a permanent directive.
He said negotiations on that directive were at an advanced stage and would likely include more privacy safeguards, such as the requirement for reasonable suspicion of CSAM before scanning.
Momentum has also expressed its opposition on the basis of privacy concerns.
“Despite not breaking end-to-end encryption, the proposal remains a calculated move to sneak in mass surveillance under the guise of child safety because it grants tech companies indiscriminate power to undertake client-side scanning of all communications.”
“If we want to take the protection of our children seriously, we must implement targeted, effective solutions without delay, rather than default to a general solution that treats every citizen as a suspect,” Momentum said.
His Maltese colleague, PN MEP Peter Agius, who supported the law, said in a Facebook post that he was backing the changes because of the amendment preventing end-to-end encrypted messages from being scanned, which, for him, meant protecting the right to privacy.
Agius said companies currently had no legal backing to fight the spread of CSAM and that a new law was therefore needed as soon as possible.