Today, member states' ambassadors agreed on a negotiating mandate on temporary rules to allow providers of communications services such as web-based email and messaging services to continue detecting child sexual abuse online. These temporary rules will have to be in place by 21 December 2020, when the comprehensive European electronic communications code enters into application, bringing with it a new definition of electronic communications services, which from that date on will also include 'number-independent interpersonal communications services' (NI-ICS). Following the change, these services will have to comply with the confidentiality rules of the ePrivacy directive instead of the general data protection regulation (GDPR) and, without a specific derogation, they will not be able to continue their current practices to combat child sexual abuse online.
Protecting children and fighting against child sexual abuse in any form is an absolute priority for the EU. The valuable activities carried out on a voluntary basis online to detect and remove this criminal material must be able to continue without interruption.
Peter Altmaier, German Federal Minister for Economic Affairs and Energy, President of the Council
The ePrivacy directive ensures the protection of private life and the confidentiality of communications and personal data in the electronic communications sector. Providers of electronic communications services must comply with ePrivacy when processing communications data. In its definition of 'electronic communications services', the ePrivacy directive relies on the definition in the electronic communications code.
Some NI-ICS providers are already using specific technologies to detect child sexual abuse on their services in order to remove it and/or to report it to law enforcement authorities and to organisations acting in the public interest to fight against child sexual abuse.
In contrast to the GDPR, the ePrivacy directive does not contain a legal basis for voluntary processing of content or traffic data for the purpose of detecting child sexual abuse. Therefore, for the services falling within the scope of the ePrivacy directive, NI-ICS providers will not be able to continue to take such action unless a legislative measure is adopted with urgency and brought into effect by 21 December 2020. The derogation will make it possible for these activities to continue as long as they are compliant with the GDPR.
The Commission has announced that it will propose legislation to tackle child sexual abuse online by the second quarter of 2021. That legislation will aim to provide a long-term solution to replace the temporary measure.
Under the Council position, the temporary regulation will apply until 31 December 2025, or until an earlier date when the permanent legal instrument is adopted by the legislators and repeals this temporary measure.
Today's mandate was approved by ambassadors meeting in the Council's Permanent Representatives Committee (Coreper). It allows the presidency to start talks with the European Parliament on the final text.
A link to the Council mandate will be added to this press release on our website.