European Union lawmakers continue to face backlash over their controversial proposal to enact surveillance measures, including client-side scanning, on digital messaging platforms in an effort to combat child sexual abuse material (CSAM).
This week, the EU Commission’s ombudsman published details of a finding that the executive branch was guilty of maladministration in regards to withholding information about their communications with a child safety technology company. Although some documents relating to these exchanges were released by the Commission last year, others were denied access.
The ombudsman’s recommendation follows a complaint filed in June 2022 by a journalist who requested public access to documents received by the Commission from Thorn, a US company that claims to have AI technology capable of detecting and removing CSAM.
In her recommendation, EU ombudsman Emily O’Reilly urges the Commission to reconsider its decision and provide “significantly increased, if not full, public access” to the documents in question. She adds that transparency is crucial in this situation, given the ongoing legislative process and the potential impact on citizens’ privacy rights.
According to O’Reilly, the disclosure of these documents would allow the public to effectively participate in the decision-making process and scrutinize who and what informed the controversial proposal. She also highlights the importance of not allowing stakeholders to have closed-door input.
“Transparency will allow the public to scrutinise who and what informed the legislative proposal in question. Stakeholders who actively provide input should not be allowed to do so behind closed doors.”
Several critics have accused the Commission of being unduly influenced by lobbyists advocating for proprietary child safety tech. These lobbyists stand to benefit financially from laws mandating automated CSAM checks.
Last fall, a seminar organized by the European Data Protection Supervisor revealed a wide range of concerns regarding the Commission’s proposal. Many believe that it will be ineffective in fighting child sexual abuse and poses a major threat to fundamental freedoms in democratic societies.
Although parliamentarians have proposed a revised approach that would remove the requirement for messaging platforms to scan encrypted messages, the fate of the CSAM legislation remains in the hands of the European Parliament and Council. As a result, it’s unclear how this proposal will progress.
When asked about the ombudsman’s recommendation to release more documents regarding the Commission’s communications with Thorn, the executive branch did not respond immediately. However, their eventual reply suggested that they would take their time in reviewing the finding of maladministration.
“The Commission will provide access to documents as appropriate and within our legal framework. Specifically, as regards the Ombudsman recommendation, the Commission will carefully consider the recommendation of the Ombudsman. A reply is due by March 19.”
The Commission’s proposal has already sparked controversy within its own ranks. Last year, it was criticized for running microtargeted ads on social media promoting the legislation. Privacy rights group noyb filed a complaint against the Commission over this, and an internal investigation was launched. However, the Commission has yet to publicly disclose the results of this probe.
The existence of this internal investigation also led the EU ombudsman to decline investigating the microtargeting allegations. However, an inquiry was opened regarding potential conflicts of interest related to the transfer of two employees from Europol to Thorn.
“I have decided to open an inquiry to investigate how Europol dealt with the moves of two former staff members to positions related to combatting online child sexual abuse,” wrote O’Reilly in her response to the complaint.
“As a first step, I have decided that it is necessary to inspect certain documents held by Europol related to these post-service activities. I expect to receive these documents by January 15, 2024.”
The ombudsman’s investigation into Europol’s communications with Thorn is ongoing. It’s worth noting the irony that additional controversy surrounding the Commission’s message-scanning proposal is being driven by challenges accessing private communications between EU institutions and industry lobbyists. Perhaps there is a message here for policymakers to consider.