By Joe McNamee

The European Commission proposed its badly drafted “Directive on combating sexual abuse, sexual exploitation of children and child pornography” in 2010. In 2011, it was finally adopted by the Council of the European Union and the European Parliament.

----------------------------------------------------------------- Support our work with a one-off-donation! -----------------------------------------------------------------

Under the Directive, the European Commission was legally required to publish an implementation report by 18 December 2015. The Commission ignored its legal obligation and published its report a year late, on 16 December 2016. It published one report on the whole Directive and one on the implementation of Article 25 on the Directive, on internet blocking. Despite taking an extra year to collect information, the 13-page document is almost entirely devoid of useful data.

On 14 December 2017, the European Parliament adopted a Resolution which details the shocking failure of the European Commission to take the issue seriously. In particular, the report lists the data that should have been, but was not, collected. Key criticisms include:

“D. whereas the Commission’s implementation report does not provide any statistics on the take-down and blocking of websites containing or disseminating images of child sexual abuse, especially statistics on the speed of removal of content, the frequency with which reports are followed up by law enforcement authorities, the delays in take-downs due to the need to avoid interference with ongoing investigations, or the frequency with which any such stored data is actually used by judicial or law enforcement authorities;”

Very unusually the Parliament uses the word “deplores” to describe both the lateness of the reports and the absence of meaningful data in the report.

“3. Deplores that the Commission was not able to present its implementation reports within the deadline set out in Article 28 of Directive 2011/93/EU and that the two evaluation reports presented by the Commission merely documented transposition into national law by Member States and did not fully assess their compliance with the Directive; requests the Member States to cooperate and forward to the Commission all of the relevant information on the implementation of the Directive, including statistics;”

A further failing identified by the European Parliament concerned hotlines. Despite the European Commission having used taxpayer money to fund national hotlines for over a decade, no assessment of the efficiency of the hotline system was mentioned. The European Parliament said that it:

“5. Considers it regrettable that the Commission’s implementation report fails to mention whether it assessed the efficiency of the INHOPE system when it transfers reports to counterparts in third countries;”

In an important step forward, the Parliament recognised that “blocking” is not one thing, but a range of technologies, with varying degrees of effectiveness and intrusiveness. It therefore criticised the Commission’s incompetent references to “blocking” which do not provide any meaningful insights. It also praised the fact that the implication of the Commission’s report is that it has abandoned the support for “blocking” (whatever it understands by that word, if anything):

“6. Considers it regrettable that the Commission has failed to collect data on the types of blocking that have been used; considers it regrettable that data has not been published on the number of websites on blocking lists in each country; considers it regrettable that there is no assessment of the use of security methods, such as encryption, to ensure that blocking lists are not leaked and thereby become seriously counterproductive; welcomes the fact that, having promoted mandatory blocking in 2011, the Commission has explicitly abandoned this position;”

“42. Regrets the fact that the Commission has neither assessed the security of blocking lists, the technologies used for blocking in those countries that have implemented the measures, the implementation of security measures, such as encryption, for the storage and communication of blocking lists, nor carried out any meaningful analysis of the effectiveness of this measure;”

The Parliament resolution concludes with a demand for the Commission to produce another report, this time with the data that should have been provided in the first place:

“53. Calls on the Commission to continue keeping Parliament regularly informed on the state of play in relation to compliance with the Directive by the Member States, by providing disaggregated and comparable data on the Member States’ performance in preventing and combating child sexual abuse and exploitation offline and online; calls on the Commission to present a more comprehensive report on the implementation of the Directive, which should include additional information and statistics on take-down and blocking of websites containing child sexual abuse material, statistics on the speed of removal of illegal content beyond a period of 72 hours and on the follow-up by the law enforcement authorities to the reported offences, delays in take-downs as a result of the need to avoid interference with ongoing investigations, information on the use of the stored data by judicial and law enforcement authorities and on the actions undertaken by hotlines after informing the law enforcement authorities to contact the hosting providers; instructs its relevant committee to hold a hearing on the state of play in relation to implementation and possibly consider adopting an additional report on the follow up given to the implementation of the Directive;”

Included in the Commission proposal in 2010 was a demand for mandatory internet blocking, which was indicative of the superficial, political and indifferent attitude of the Commission to the issues at hand. It was accompanied by possibly the worst “impact assessment” that the European Commission has ever produced, which included analysis that suggested that internet blocking that is not based on a specific law definitely is legal, definitely is not legal and may or may not be legal. An internal review of the impact assessment said that it needed “to be significantly improved” and even the “baseline scenario” needed to be “reworked”. Seven working days later, the Directive and Impact Assessment were published. It is not clear whether any improvements were made to either the Directive or Impact Assessment in the course of those seven days.

Report from the Commission assessing the implementation of the measures referred to in Article 25 of Directive on combating the sexual abuse and sexual exploitation of children and child pornography (16.12.2016)

European Parliament resolution on the implementation of Directive on combating the sexual abuse and sexual exploitation of children and child pornography (14.12.2017)

Impact assessment: Council Framework Decision on combating the sexual abuse, sexual exploitation of children and child pornography, repealing Framework Decision 2004/68/JHA

Internal review of the impact assessment

(Contribution by Joe McNamee, EDRi)