Explanatory Memorandum to COM(2023)777 - Amendment of Regulation 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC for the purpose of combating online child sexual abuse - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2023)777 - Amendment of Regulation 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC for the purpose ... |
|---|---|
| source | COM(2023)777 |
| date | 30-11-2023 |
1. CONTEXT OF THE PROPOSAL
• Reasons for and objectives of the proposal
Regulation (EU) 2021/1232 (“Interim Regulation”)1 lays down temporary and strictly limited rules derogating from certain obligations laid down in Directive 2002/58/EC (“the ePrivacy Directive”), with the sole objective of enabling providers of certain number-independent interpersonal communications services to use specific technologies for the processing of personal and other data to the extent strictly necessary to detect online child sexual abuse on their services and report it and to remove online child sexual abuse material from their services.
As explained in its Recital 10, the Interim Regulation is intended to provide a temporary solution pending the adoption of a long-term legal framework to tackle child sexual abuse at Union level. According to its Article 10, second subparagraph, the Interim Regulation will expire on 3 August 2024.
The proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse,2 which the Commission adopted on 11 May 2022, aims to provide that long-term legal framework.
The inter-institutional negotiations on the proposed long-term Regulation have not concluded and it is uncertain that they will conclude for the long-term Regulation to enter into force and to apply before the Interim Regulation is set to expire. Therefore, it is necessary to introduce through this proposal a limited time extension to the Interim Regulation, to enable the continuation of the above voluntary activities during a sufficient period of time to allow the inter-institutional negotiations of the long-term Regulation to conclude. This will ensure that child sexual abuse online can be effectively and lawfully combated without interruptions until the long-term regime created by the proposed Regulation is agreed.
• Consistency with existing policy provisions in the policy area
This proposal delivers on commitments made in the EU Strategy for a More Effective Fight Against Child Sexual Abuse, notably to propose legislation to tackle child sexual abuse online effectively. The current EU legal framework in this area consists of Union legislation relating to child sexual abuse, such as the Child Sexual Abuse Directive, and the Interim Regulation, which applies until 3 August 2024.
The proposed legislation complements the European Strategy for a Better Internet for Children3, which aims to create safe digital experiences for children and to promote digital empowerment.
• Consistency with other Union policies
The proposal extends the period of application of the Interim Regulation, for a limited period of time, without otherwise amending that Regulation in any way.
Consequently, as is the case with the Interim Regulation as it stands prior to the amendment now proposed, the approach embodied therein builds on the General Data Protection Regulation4 (GDPR). As explained in Recitals 12 and 15 as well as Article 1(1) of the Interim Regulation, the GDPR applies and is left unaffected by the Interim Regulation. Therefore, the rules set out in the GDPR must continue to be respected, including those on the lawfulness of processing (Article 6). In practice, providers tend to invoke various grounds for processing provided for in the GDPR to carry out the processing of personal data inherent in voluntary detection and reporting of child sexual abuse online.
The proposal, as is the case for the Interim Regulation as it stands, covers providers that offer number independent interpersonal communications services and hence are subject to national provisions implementing the ePrivacy Directive5 and its proposed revision currently in negotiations6, with both of which the proposal is coherent.
The proposal is also coherent with the Digital Services Act (DSA)7. The Interim Regulation, as to be extended, complements the horizontal framework of the DSA, setting out specific rules where needed for the particular case of combating online child sexual abuse.
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
The relevant legal bases are Article 16 and Article 114 of the Treaty on the Functioning of the European Union (‘TFEU’). These provisions are also the legal bases of the Interim Regulation.
• Subsidiarity (for non-exclusive competence)
According to the principle of subsidiarity, EU action may only be taken if the envisaged aims cannot be achieved by Member States alone. EU intervention is needed to maintain the ability of providers of number-independent interpersonal communications services to voluntarily detect and report child sexual abuse online and remove child sexual abuse material, as well as to continue ensuring a uniform and coherent legal framework for the activities in question throughout the internal market, as provided for in the Interim Regulation. The limited time extension of the Interim Regulation can only be adopted by Union legislation.
• Proportionality
The proposal complies with the principle of proportionality as set out in Article 5 of the Treaty on European Union as it will not go beyond what is necessary for the achievement of the set objectives. It introduces a limited time extension to the targeted and temporary derogation as regards certain aspects of changes to the current framework in order to ensure that certain measures remain permissible to the extent that they currently comply with Union law.
The duration of the extension is limited to a time period strictly necessary to adopt the long-term legislation, as can reasonably be assessed at present having regard in particular to the current state of the negotiations and the upcoming elections of the European Parliament.
• Choice of the instrument
The objectives of the present proposal can best be pursued through a Regulation, given that the act that is amended, namely the Interim Regulation, is also a Regulation.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Ex-post evaluations/fitness checks of existing legislation
• Stakeholder consultations
• Collection and use of expertise
• Impact assessment
In view of the policy objective and the time-sensitive nature of the issue, there are no other materially different policy options available, and thus no impact assessment is necessary. In particular, the measure intends to introduce a limited time extension of the interim and strictly limited derogation from the applicability of Articles 5(1) and 6 of the ePrivacy Directive to ensure that number-independent interpersonal communications service providers can continue to voluntarily using specific technologies to detect and report child sexual abuse online and to remove child sexual abuse material on their services after 3 August 2024, pending the adoption of long-term legislation.
• Fundamental rights
The proposal takes full account of the fundamental rights and principles recognised by the Charter of Fundamental Rights of the European Union (“the Charter”).
The proposed measures comply with Article 7 of the Charter, which protects the fundamental right of everyone to the respect for his or her private and family life, home and communications, and includes the confidentiality of communications. Moreover, to the extent that the processing of electronic communications by number-independent interpersonal communications services for the sole purpose of detecting and reporting child sexual abuse online and removing child sexual abuse material falls into the scope of the derogation created by this proposal, the GDPR, which implements in secondary legislation Article 8(1) of the Charter, which provides that everyone enjoys the right to the protection of personal data, continues to apply to such processing.
In addition, the proposal complies with Article 24(2) of the Charter, which provides that, in all actions relating to children, whether taken by public authorities or private institutions, the child’s best interests must be a primary consideration. It also complies with Articles 1, 3 and 4 of the Charter, on the rights to human dignity, the right to the integrity of the person and the prohibition of inhuman or degrading treatment, respectively, considering that child sexual abuse can (gravely) interfere with these fundamental rights of the children involved.
Finally, by making it possible, subject to certain appropriate conditions, for providers to take voluntary measures to tackle possible misuse of their services, the proposal also takes account of their freedom to conduct a business, guaranteed under Article 16 of the Charter.
4. BUDGETARY IMPLICATIONS
This proposal has no implications for the EU budget.
5. OTHER ELEMENTS
• Implementation plans and monitoring, evaluation and reporting arrangements
• Detailed explanation of the specific provisions of the proposal
Article 1 sets out the amendment to the Interim Regulation brought about by the present Regulation, consisting of a limited extension of the period of application of the Interim Regulation. That is the sole amendment made to the Interim Regulation.
Article 2 sets the date for entering into force of the present Regulation.