While journalists inform about the daily numbers of new Covid-19 infections (by any means a useless measure), variants, the prodigies of mRNA vaccines (one wouldn’t be surprised if it was soon discovered that they also help against erectile dysfunctions, acne and to lose weight), governments play the card of soft (and hard) powers to convince the population to get the jab.
Meanwhile, the EU plays its undemocratic game and paves the road to the annihilation of rights, and - frankly - it’s too good at that. Eventually, the EU is also fast at forgetting that its moves would make its forefathers turn into their tombstones disgusted.
If you thought that you had already seen and learned everything there was to know about electronic surveillance in 2005 when Mr. Edward Snowden spilled the beans about NSA’s surveillance programs, the time has come to reconsider and think again.
The EU recently approved an e-Privacy derogation (known as Regulation (EU) 2021/1232 of the European Parliament and of the Council of 14 July 2021 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse).
A previous EU directive (Directive 2002/58/EC) worried about the processing of personal data online and thus set the basis for the citizens’ right to privacy in the digital world.
The Regulation, on the other hand, forms a worrying exception to the Directive’s articles 5(1) (Confidentiality of the communications) and 6 (Traffic data).
In legalese words, the Regulation “introduce[s] a narrow and targeted legislative interim solution with the sole objective of creating a temporary and strictly limited derogation from the applicability of Articles 5(1) and 6 of the ePrivacy Directive, which protect the confidentiality of communications and traffic data [...] This Regulation lays down temporary and limited rules derogating from certain obligations laid down in Directive 2002/58/EC, with the sole objective of enabling providers of certain number-independent interpersonal communications services to use specific technologies for the processing of personal and other data to the extent strictly necessary to detect online child sexual abuse on their services and report it and to remove online child sexual abuse material from their services" (European Sources Online, 2021).
In a more plain language, the Regulation (EU) 2021/1232 now temporarily allows (but will possibly later require) online service providers to automatically scan EU citizens’ confidential communications for pedophiliac content and report these to the authority (art. 1(a)(1)), provided that the intrusion happens with the “least privacy-intrusive measures” (art. 1(b) and (c)) and thus within GDPR's principles (data protection by design and default).
Exceptionally simply put it means this: a third party has the right to preemptively snoop into any digital communication, audio excluded, to see if, within it, pedophiliac content is being transmitted, or a solicitation of children is being made.
The e-derogation may at first be considered a virtuous act to safeguard children: pedophilia is disgusting, dangerous, and destroys lives. None disagrees. Despite this, pedophilia acts as a trojan horse to snoop into and indiscriminately invade citizens’ privacy massively, without a balancing act between ends and means.
Privacy, it should be recalled, is enshrined in art. 8 of the European Convention of Human Rights (and, for the international readers, in art. 12 of the Universal Declaration on Human Rights). As it is one of the human rights’ cornerstones, it cannot and should not be interfered with easily, arbitrarily, and superficially. It should not be the object of massive and indiscriminate interferences.
In this context, one also worries about the collaboration between governments and private companies. Why should the latter be part of law enforcement activities? Why should Google, Facebook, an Internet Service Provider, Whatsapp, etc. etc. be permitted to infringe on anyone’s privacy?
While the reader is free to decide what s/he thinks, the author believes the Regulation (EU) 2021/1232 to be a dangerous slippery slope. Eventually, she’s not alone (see e.g., European Data Protection Supervisor, 2020): the European Data Protection Supervisor himself advised against the law, without success.
As it stands, Regulation (EU) 2021/1232 may efficiently serve as a precedent for future legislation that may push other scopes, whose limits are only given by the imagination. First drug trafficking, then terrorism, following serious crimes, next less serious ones. Bit by bit, privacy will be dismantled and become a truly outdated concept. The German Democratic Republic, with its Stasi, showed what a country without privacy looked like and today’s China should be a prime example of what happens when privacy isn't taken into account.
Unless voices raise and raise fast and high against the UE and its minions (among which Google and Apple should have a place of honor), the concept of privacy is so much at risk that it may be no more in a heartbeat. Pushed, moreover, by Covid-19 extraordinary powers here and there…
Cox LLP, A., 2021. ePrivacy: EU Regulation Introduced to Allow Companies to Tackle Online Child Sexual Abuse. [Blog] Available at: <https://www.lexology.com/library/detail.aspx?g=d146057f-1a1c-42b8-8344-82bd4fa5f8f0> [Accessed 8 September 2021].
DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic commu- nications sector (Directive on privacy and electronic communications).
European Data Protection Supervisor, 2020. Opinion 7/2020 on the Proposal for temporary derogations from Directive 2002/58/EC for the purpose of combatting child sexual abuse online. Available at: <https://edps.europa.eu/sites/edp/files/publication/20-11-10_opinion_combatting_child_abuse_en.pdf.> [Accessed 8 September 2021].
Europeansources.info. 2021. Regulation (EU) 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse – European Sources Online. [online] Available at: <https://www.europeansources.info/record/proposal-for-a-regulation-on-a-temporary-derogation-from-certain-provisions-of-directive-2002-58-ec-as-regards-the-use-of-technologies-by-number-independent-interpersonal-communications-service-provid/> [Accessed 8 September 2021].
Naranjo, D., 2021. Companies are now allowed to scan your private communications. [Blog] European Digital Rights, Available at: <https://edri.org/our-work/companies-are-now-allowed-to-scan-your-private-communications/> [Accessed 8 September 2021].
Pollet, M., 2021. Google backs EU plans to fight child sexual abuse. [online] Available at: <https://www.euractiv.com/section/data-protection/news/google-backs-eu-plans-to-fight-child-sexual-abuse/> [Accessed 8 September 2021].
Regulation (EU) 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number-independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse.
Sherr, I., 2021. iPhone privacy: How Apple's plan to go after child abuse could affect you. CNET, [online] Available at: <https://www.cnet.com/tech/services-and-software/iphone-privacy-how-apples-plan-to-go-after-child-abuse-could-affect-you/> [Accessed 8 September 2021].