The European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) issued a joint opinion condemning the proposed EU legislation to combat the dissemination of Child Sexual Abuse Material (CSAM). This proposal includes authorization for judicial authorities to require tech providers to install detection tools that will scan communications for suspicious content.
Privacy advocates have raised concerns over the measure’s potential to breach End-to-End Encryption and deemed it disproportionate in scope—encompassing entire communication services and spanning up to two years. The EDPS and Board concluded that this type of widespread monitoring amounts to general surveillance, rather than a targeted approach.
The European Union’s data privacy watchdog has asserted that proposed regulations for access to online content platforms do not deliver on their individualized safeguards and instead, create a false sense of legality. When asked if this implied the Commission intended to mislead, the EDPS denied such an accusation. Nonetheless, as all users of the targeted platforms could be affected by the detection orders, Wiewiórowski observes that it is hard to protect civil liberties when fundamental rights are at stake.
He went on to refer to court rulings such as Tele2 Sverige and Digital Rights Irelands that point out that no measure can compensate for breaches in proportionality where access to private communications is concerned. The EDPS is therefore expecting a repeal of these detection orders.