Statement on new EU ePrivacy rules and the implications for children | Children’s Commissioner for England
Yesterday, new EU ePrivacy rules came into effect which introduced new limits on the way in which technology companies can use messaging and calling data. The rules undermine the ability of companies to use established, privacy-preserving tools such as PhotoDNA to identify child sexual abuse imagery and grooming on their platforms.
These tools work in a similar way to email spam filters, scanning images and videos as they are sent and checking against a database of known, illegal child abuse material. The National Crime Agency state that industry reporting led to the arrest of more than 4,500 offenders and protected around 6,000 children in the UK from further abuse in the year to 2020.
Before the new ePrivacy rules came into force, the EU was exploring the possibility of an exemption which would enable companies to continue using these tools. Disappointingly, the decision has been postponed until the New Year.
Earlier this month, we released new research which found that nine in 10 children use messaging apps, including 60% of eight-year-olds and 90% of 12-year-olds. Worryingly, one in 10 children report using these apps to speak to strangers, and 1 in 20 teenage girls share photos with strangers. The risks to children are clear.
It is therefore welcome that five companies, including Google, Microsoft and Roblox, have publicly committed to continue proactively scanning their platforms for illegal child abuse material regardless, while the EU finds a solution. I would strongly encourage all platforms to follow their lead and continue scanning for this material until the EU has concluded its discussions on an exemption.
The Home Office has released documentation which supports the continued ability to use scanning tools under UK domestic law, despite these new rules. However, the continued circulation of child sexual abuse material by European users puts children in England at risk. Therefore, it is important that companies continue to scan throughout the whole of Europe.
I am also calling upon the EU trilogue to ensure that an exemption is agreed as a matter of the utmost urgency. It was clearly not the intention of the new ePrivacy rules to frustrate attempts to stop child abuse, and yet this is the situation we are now in. The trilogue must urgently address the unintended consequences of these new rules for children’s safety.