The European Commissioner for Home Affairs on Sunday defended her proposal to clamp down on child sexual abuse online as "well-reasoned" and "legally solid" following criticism from data protection watchdogs.
The Commission unveiled its Better Internet for Kids strategy in May. The plan would require social media platforms or communication providers to pro-actively look for Child Sexual Abuse Material (CSAM) shared online and to automatically share it with national authorities and a new EU expertise centre.
Tech companies would also be forced to monitor encrypted content, which many experts immediately decried as an attack on privacy and the potential beginning of generalised surveillance in the EU.
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) joined the criticism on 29 July, arguing in a joint opinion that the Commission's proposal "may present more risks to individuals, and, by extension, to society at large than to the criminals pursued for CSAM."
The independent watchdogs expressed "serious concerns about the impact of the envisaged measures on individuals’ privacy and personal data" and said that "there is a risk that the Proposal could become the basis for a generalised and indiscriminate scanning of content of virtually all types of electronic communications."
They also argued that the use of technologies to scan users’ communications, such as artificial intelligence, could generate errors and would represent "a high level of intrusiveness into the privacy of individuals".
Finally, they underlined the importance of encryption when it comes to respecting private life, the confidentiality of communications, freedom of expression, innovation and growth of the digital economy and stressed that "preventing or discouraging, in any way, the use of end-to-end encryption would seriously weaken the role of encryption in general."
In her rebuttal to the criticism issued in a blog post on Sunday, EU Commissioner for Home Affairs Ylva Johansson said the Better Internet for Kids strategy is "well-reasoned, legally solid and entirely necessary to fight the scourge of child sexual abuse online."
She argued that it "strikes the right balance between the various fundamental rights concerned, in particular in view of the serious nature of child sexual abuse" and that safeguards were built in to protect people's privacy.
These include the requirement for providers to deploy technologies "that are the least-intrusive in accordance with the state of art in the industry" and the possibility for judicial redress whereby both providers and users can "challenge any measure affecting them in Court" with the latter also entitled to compensation for any damage incurred from processing under the proposal.
Johansson also pointed to a recent paper by technical experts at the UK's intelligence and cyber security agencies that outlined "a range of possible ways that child sexual abuse material could be detected within encrypted services that would still protect user privacy."
"I am proud of this proposal. It is proportionate and has checks and balances that are rigorous and fair," the Commissioner wrote.
"What I am concerned about is the very real, very shocking, effects of child abuse: On the child, on the adults they grow up to be, and on society as a whole."
"This legislation is the very best of what the European Union can do," she concluded.