Together with other industry associations, EuroISPA is calling on EU Member States to allow the continuation of current Child Sexual Abuse detection practices.
Building on our previous joint statement welcoming the extension of the temporary ePrivacy Directive derogation, we reaffirm that proactive measures against CSA have been instrumental in protecting children online over the past decade.
Together with other industry associations, EuroISPA is calling on EU Member States to preserve the integrity of end-to-end encryption in the Child Sexual Abuse Regulation, and to protect both safety and privacy in the Council position.
Some worrying suggestions have been put on the negotiating table last week which are highly problematic for the privacy of users and the security of the Internet. In our joint statement, we point at other avenues for improvement, including voluntary detection and prevention.
Brussels, 23 January 2024 – EuroISPA, together with CCIA Europe and DOT Europe, coordinated the discussions among a coalition of more than 50 tech trade associations and organisations defending children rights on the proposal laying down rules to prevent and combat child sexual abuse.
All signatories share the same goal, which is to create and maintain a safe online environment for children, to detect and remove child sexual abuse (CSA) content online, and to ensure the investigation of offenders, in a manner that is compatible with privacy and human rights.
EuroISPA is particularly proud to see our members CZ.NIC, FiCom, ISPA Austria and ISPA Belgium as individual signatories of the statement, underlining the great commitment of European Internet Services Providers (ISPs) to eradicating online child sexual abuse.
Together, we have agreed to jointly call for a swift adoption of the ePrivacy derogation extension. Below are the main points of our joint call:
All signatories remain committed to working towards legislation which stands the test of time and that is in the best interest of children.
Signatories: 5Rights Foundation, Agarrados à Net, ARSIS – Association for the Social Support of Youth, Asociația Eliberare, Association Novi Put, Brave Movement, Canadian Centre for Child Protection, Center for Missing and Exploited Children (Centar za nestalu i zlostavljanu decu), COFACE – Families Europe, Computer & Communications Industry Association (CCIA Europe), CZ.NIC (Czech Internet Association), Defence for Children International Nederland – ECPAT Nederland, Developers Alliance, Digital Poland Association (Związek Cyfrowa Polska), DOT Europe, ECPAT Albania, ECPAT Austria, ECPAT Belgium, ECPAT France, ECPAT International, ECPAT Luxembourg, ECPAT Norway, ECPAT Sweden, Eurochild, EuroISPA (European Internet Services Providers Association), FAPMI-ECPAT Spain (Federación de Asociaciones para la Prevención del Maltrato Infantil), FICE Croatia, FiCom (Finnish Federation for Communications and Teleinformatics), Fundacja Dajemy Dzieciom Siłę (Empowering Children Foundation), GSMA, Hintalovon Child Rights Foundation – ECPAT Hungary, “Hope for Children” – CRC Policy Center, IAC – Instituto de Apoio à Criança, ICMEC – International Centre for Missing & Exploited Children Singapore, Internet Watch Foundation (IWF), ISPA Austria (Internet Service Providers Austria), ISPA Belgium, ITI – The Information Technology Industry Council, Marie Collins Foundation, Missing Children Europe, Miúdos Seguros Na Net, Network for Children’s Rights (NCR) (Δίκτυο για τα Δικαιώματα του Παιδιού), Pomoc Deci, Safe Online, Save the Children Europe, Stiftung Digitale Chancen, Stop Sexting, Suojellaan Lapsia, Protect Children ry, Terre des Hommes Netherlands, The Pancyprian Coordinating Committee for the Protection and Welfare of Children, The Smile of the Child, Video Games Europe and WeProtect Global Alliance
Building on two previous joint statements published in April 2023 and June 2023, EuroISPA and other European Internet industry associations AFNUM, CISPE.cloud, CCIA Europe, CZ.NIC, Developers Alliance, DOTEurope, eco, FiCom, Freedom Internet, i2Coalition, ISPA Austria, and ITI now call on policymakers to ensure the protection of encryption and to limit detection orders in the EU Regulation laying down rules to prevent and combat child sexual abuse (CSA Regulation).
We firmly stand behind the European Commission’s overarching objective to prevent and combat child sexual abuse, but we believe certain improvements need to be introduced in the proposed CSAM Regulation.
To this end, we call on EU policymakers to:
1) defend the rights to privacy and confidentiality of communications through the specific protection of encryption;
2) make sure that detection orders are a last resort measure;
3) limit detection orders to those with the ability to act.
The undersigned industry associations remain deeply committed to making the digital space safer for everyone and in particular to protecting children online.
Read the full statement: CSAM – Joint call for safeguarding encryption and limiting detection orders
Building on their initial joint statement published in April 2023, European industry associations ACT | The App Association, CCIA Europe, Developers Alliance, DOT Europe, eco, EuroISPA, FiCom, and ITI call on policymakers to maintain the flexibility for providers to choose the most appropriate risk mitigation measures and to acknowledge the value of voluntary measures to combat child sexual abuse online in a follow-up paper.
The associations and their members, active in the European Internet industry, agreed on the importance of the European Commission’s proposal to ensure the EU is committed to making the digital space safe for everyone, especially for children.
However, they are now together pointing at a specific part of the text, namely risk mitigation measures, which needs to be improved in order to achieve a legislative framework that helps the detection and prosecution of crimes, and the safeguarding of children.
To do so, the signatories recommend:
This joint industry statement is the result of a substantial joint effort between the signatories, coordinated by DOT Europe, that shows the unified commitment of several associations with a diverse membership and active in the sector at European level to protect children online.
European industry associations ACT | The App Association, CCIA Europe, CISPE Cloud, Dot Europe, eco, EuroISPA, FiCom, ISPA Austria and ITI have published a joint industry statement in which they call the European Commission to amend some key points of the proposed Regulation laying down rules to prevent and combat child sexual abuse.
The associations and their members, active in the European Internet industry, agreed on the importance of the European Commission’s proposal to ensure the EU is committed to making the digital space safe for everyone, especially for children.
However, they are now together drawing attention to how certain measures contained in the proposed Regulation need to be amended in order to reach the goals the Regulation is set to achieve.
To do so, signatories have formulated recommendations to amend six key aspects of the proposal:
This joint industry statement is the result of a substantial joint effort between the signatories, coordinated by EuroISPA, that shows the unified commitment of several associations with a diverse membership and active in the sector at European level to protect children online.
On Thursday, 23rd of March 2023, EuroISPA hosted an in-person expert roundtable on privacy and encryption, organised in the context of the European Commission’s proposal for a Regulation to prevent and combat child sexual abuse.
The event gathered a distinguished expert panel comprised of Mr Matthew Green, Associate Professor at the Johns Hopkins University and expert on applied cryptography and cryptographic engineering, Ms Arda Gerkens, CEO and founder of EOKM, as well as Ms Ella Jakubowska, Senior Policy Advisor at EDRi.
EuroISPA’s Board member, Thomas Bihlmayer (eco), moderated the discussion and introduced EuroISPA’s views from its position as a constructive contributor to child protection and privacy debates, thanks to its diverse membership (hotlines, ISPs of all sizes, platforms, cloud infrastructure services, etc.) that is at the forefront of the efforts to protect children online.
He highlighted EuroISPA’s commitment with the Commission’s objective to prevent and combat child sexual abuse and noted concerns over several aspects of the proposal. He focused on the operability of the regulation and on the dangers of breaking encryption, which will have a direct impact on the technical Internet infrastructure and impede efforts to create an Internet which enhances trust, user privacy, and freedom of expression.
Professor Matthew Green expressed concerns about the lack of understanding of the technical implications of the Commission’s proposal, and the possible harm that could bring to the security of global communications systems. During his intervention, he stressed the technical limitations of such proposed measures and the issue of over-relying on them, considering encryption is a very young area. For him, the proposal would benefit from an in-depth evaluation by scientists and researchers in Europe, which in his view should be seen as a pre-condition for mandating new technologies. (He shared his intervention in a more extensive version on his blog).
Representing the Dutch hotline, Arda Gerkens highlighted the issues of weakening encryption, compromising the security both for children and adults. She also noted the potential positive points, especially when it comes to the creation of a EU Centre as a centre for knowledge and support in the EU. She further explained how the approach of the Netherlands to fight child sexual abuse is working, noting some of the main elements that could be brought to EU level.
Finally, Ella Jakubowska raised the perspective of civil society. She explained why the proposed measures will lead to unreliable client-side scanning practices, undermining end-to-end encryption and making our devices more vulnerable to attacks from malicious actors, all without addressing the core issues or finding the right solutions to tackle child sexual abuse.
The panel discussion was followed by a Q&A session were participants had the opportunity to exchange about the compatibility of these measures with privacy legislation, the potential for improvement of scanning technologies as well as other solutions to allow fighting child sexual abuse without hindering privacy safeguards and fundamental rights.
This session is one of the different actions that EuroISPA is taking around encryption, privacy and the Commission proposal to fight Child Sexual Abuse Material online.
If you would like to know more about EuroISPA’s work on the topic, you can contact [email protected].
To read our Position Paper on the proposed CSAM Regulation, click on the button below.
14 September 2022 – EuroISPA publishes its Position Paper expressing concerns about the Proposal for a Regulation laying down rules to prevent and combat child sexual abuse. The document highlights risks of inoperability and technical unfeasibility, concerns around compatibility with the GDPR, DSA, ePrivacy Directive, NIS2, and the Open Internet Regulation, as well as emphasising worries about excessive administrative burdens on SMEs.
EuroISPA, a pan-European association which represents over 3,000 Internet Services Providers (ISPs), works to advocate for the needs both of the wider industry and of users. This position paper is one example of how the association’s members work together to draft recommendations for EU policy makers that can be implemented by the industry in order to tackle the issue at hand. EuroISPA members are at the forefront of the efforts to protect children online and have a longstanding relationship with law enforcement authorities to assist them in the fight against child exploitation.
Brussels, 18 May 2022 – EuroISPA, the pan-European association of Internet Services Providers Associations, highlights concern about privacy, freedom of speech, and overbearing obligations in relation to the recently proposed Regulation to prevent and combat child sexual abuse.
Alexandra Laffitte, President of EuroISPA, noted: “Our members share the view that obligations in relation to detecting, reporting, removing, and blocking of content in this proposal raise questions about intrusion into user privacy and potential surveillance by authorities or malicious actors, as well as about operational viability. Furthermore, in order to ensure consistency across the ecosystem and a proper balance with regards to fundamental rights and freedoms, the proposal needs to be aligned with the DSA and the GDPR. This is particularly important with regards to principles such as non-general monitoring and the confidentiality of electronic communications. Encryption tools are part of the framework which allows Internet and online services to be trusted and ensure ongoing cybersecurity and data protection. The weakening of end-to-end encryption would damage the economy as well as damaging efforts to create an Internet which enhances trust, user privacy, and freedom of expression”.
EuroISPA represents Internet Services Providers (ISPs) across the European continent, creating a common voice aiming to promote and protect the interests of its members whilst working towards a safer Internet for all.
Within EuroISPA, the Safer Internet Committee aims to contribute to the shaping of policies on child sexual abuse material (CSAM) online and cooperates with law enforcement authorities by sharing practical experience and infrastructure control. Several EuroISPA members also manage national level hotlines which contribute to the tackling of illegal content online.
“This proposal puts forward a new approach to combatting child sexual abuse, a crucial issue that we have been dedicated to for many years. However, it is important to note that the proposal only focuses on the Internet ecosystem, without considering and supporting the existing local-level schemes which have proven their efficiency in fighting and preventing child sexual abuse. EuroISPA is analysing the text in detail to ensure that the future framework will effectively help prevent child sexual abuse, and that the obligations on intermediaries do not have a burdensome effect on smaller players in the sector, as SMEs are at the core of EuroISPA’s membership and play a vital role in the Internet sector as a whole. We hope our voice and the voices of fellow industry players will be taken into account as discussions continue about the proposal, in order to protect all the fundamental rights of users whilst tackling the very real concern of CSAM online at an operational level,” added Asko Metsola, Chair of EuroISPA’s Safer Internet Committee.
###