Looking for help with the Online Safety Act  - Ofcom consultation & guidelines? Please get in touch. 

End-to-end encrypted services out of scope
Targetting of individuals or groups only with “reasonable suspicion” and judicial warrant plus judicial oversight of hash lists
No mandatory age verification for app stores and communications services

The European Parliament's Civil Liberties Committee has today formally adopted a political compromise on its proposed new law to tackle child sexual abuse online. In legislative terms, it is a significant breakthrough on this very sensitive issue that had risked becoming dead-locked. This new proposal offers a new way forward that protects children and privacy. It has the potential to be agreed by a wide range of stakeholders.

**UPDATE 22 NOVEMBER  This position has been formally adopted by the European Parliament. Negotiations with the Council of Ministers can begin.**

It scraps a requirement for mass scanning of WhatsApp and other encrypted chat messages. This signifies a dramatic U-turn on the original proposal put forward by the European Commission, and will protect individual chat messages from intrusive surveillance.

The compromise amends proposed EU legislation known as the EU Regulation on Child Sexual Abuse Material. The aim of the legislation is to remove offending material from social media and other online platforms, and to enable law enforcement authorities to investigate potential grooming and abuse of children.

The text proposed by the Civil Liberties Committee (LIBE) enables targeted law enforcement measures, but does not permit intrusive bulk scanning of people's chat messages. In a major win for privacy rights, end-to-end encrypted services, such as WhatsApp and other chat services, have been excluded from the scope.

It asks providers to do a risk assessment and to take mitigating measures, but those measures must be targeted, proportionate and effective. These words have a specific meaning in EU law. Detection orders issued by public authorities should be time-limited, and targeted at individuals or groups where there are reasonable grounds of suspicion that they are linked to child sexual abuse. Other measures proposed are intended to protect children against unsolicited messages.  

A requirement for app stores to use age verification has been deleted. I further understand that the compromise removes mandatory age verification for communications services. 

In an interesting and novel move, as identified by EDRi, it also introducers judicial oversight of hash lists. These are databases of digital fingerprints used to identify the proscribed images.

As previously reported on Iptegrity, [see MEPs reach political agreement to protect children and privacy] the new text was drafted by rapporteurs from all Party Groups on the Committee. A leading protagonist was the German MEP and expert in the law on privacy and surveillance, Dr Patrick Breyer.  The strong cross-party consensus on the text was evident when the Committee voted almost unanimously to adopt it: 51 committee members voted in favour, one abstained and there were two against.

The agreement follows a legal opinion from Christopher Vajda KC, a former judge of European Court of Justice, who interestingly is also a member of the Bar of England and Wales. His opinion states that the measures in the Commission's original proposal would interfere with privacy rights and would be unlawful. This would put it at risk of being struck down by the court, if there was a legal challenge. Such cases do happen, as with the Data Retention Directive, which was struck down by the Court of Justice in 2014.

It's also not the first time the European Parliament has reversed a Commission proposal on tech policy. In 2009, the Parliament struck out an amendment inserted by the Commission into a major piece of telecoms law, that would have required broadband providers to monitor and block users who infringed copyright. This was the 2009 Telecoms Package which you can read about on this website.

The vote means that the Parliament can begin negotiations with the Council of Ministers and the Commission (the so-called Trilogues), subject to a formal endorsement in the plenary session of the Parliament on 20 November.

The Council is likely to discuss the issue on 4 December. It's not clear what position the Council will take, but there are a number of Member States, including Germany and Poland, who are known to be opposed the Commission's original proposal and therefore may be more sympathetic to this one.

We wait in anticipation of the next stage.


You are free to cite from this article. Kindly acknowledge Dr Monica Horten as the author and provide a link back.

I provide independent advice on policy issues related to online content. I specialise in interpreting amendments to laws. It was a core element of my PhD methodology and I've been doing it ever since. If you need help with the Online Safety Act and the Ofcom consultation, please get in touch.

As an addendum to this article, I've now got the actual proposal text and will update if there's anything further. 


Find me on LinkedIn

About Iptegrity

Iptegrity.com is the website of Dr Monica Horten. I am an  independent policy advisor, with expertise in online safety, technology and human rights. I am a published author, and post-doctoral scholar. I hold a PhD from the University of Westminster, and a DipM from the Chartered Institute of Marketing. I cover the UK and EU. I'm a former tech journalist, and an experienced panelist and Chair. My media credits include the BBC, iNews, Times, Guardian and Politico.

Iptegrity.com is made available free of charge for non-commercial use. Please link back and attribute Dr Monica Horten.  Contact me to use any of my content for commercial purposes.