We must find a balance between privacy rights and the protection of children from sexual abuse and exploitation.

Privacy rights are among the most traditional human rights, but discussions around them have never been as relevant for the best interests of children as they are right now. It has become evident that there is a significant lack in the balance between privacy rights and the fundamental rights of children to be safe from abuse and exploitation, as well as a gap in the research and in the understanding on how to reach such a balance.

Since the ePrivacy Directive amendments in December 2020, NCMEC reported a 58% decrease in abuse reports made by companies in the 18- week period following the adoption of the Directive. Following extensive advocacy work by child rights stakeholders, the European Commission recently accepted a temporary 3-year derogation to the Directive, which allows Online Service Providers (OSPs) to continue their activities to detect and report child sexual abuse online and remove CSAM on their services, albeit with strict limitations. All of this is occurring while end-to-end encryption, another technology which could severely limit the possibility to detect child sexual abuse, is gaining popularity among OSPs. Privacy rights advocates are, to a large extent, opposing any limitations to the technology, fearing implications on the privacy rights of society as a whole.

So, what can be done? It is evident that the only way to reach a solution accepted by all parties is through multi-stakeholder dialogue, which must not be polarized, but rather should be held in a constructive manner where the goal is to find the balance which we crucially need. When it comes to legislation, it must be future proof, so as to avoid such scenarios that we encountered earlier this past year, with decisions being made considering the best interests of children.

Importantly, we need more discussion and awareness regarding the use of end-to-end encryption, and how to regulate it. Otherwise, the efforts ensuring the possibility for OSPs to detect and report online child sexual abuse will be in vain if the same companies begin offering extensive encryption technology, which will make the detection nearly impossible. For example, PhotoDNA, one of the more commonly used detection technologies by OSPs, is not usable on end-to-end encrypted content. I do not mean to downplay the importance of privacy rights in our society, as also privacy rights pertain to children’s fundamental rights. It is, however, crucial that we remember that the indivisibility of human rights means that we cannot let privacy rights take priority over the protection of vulnerable children. A scenario where OSPs are no longer able, or willing, to detect and report child sexual abuse on their platforms is unacceptable.

The European Union has become the center of the problem, hosting more child sexual abuse material than any other region in the world. And while the temporary derogation to the ePrivacy directive is a step in the right direction and something to celebrate, we must bear in mind that it is indeed temporary. The recent development, and the risk posed by the increase in full end-to-end encryption, demonstrate that filling the existing gap in the balance between privacy rights and the protection of children is of paramount importance, with the temporary derogation now placing a tight timeframe for success. Without it, we risk creating a safe haven for child sexual abusers in the EU, and consequently risk failing the protection of children globally.

Matilda Sandvik

Project employee, Protect Children, LL.M candidate in international law specializing in human rights

matilda.sandvik(a)protectchildren.fi