Open letter: Protecting digital rights and freedoms in the Legislation to effectively tackle child abuse

EDRi is one of 52 civil society organisations jointly raising our voices to the European Commission to demand that the proposed EU Regulation on child sexual abuse complies with EU fundamental rights and freedoms. You can still add your voice now!

By EDRi · March 17, 2022

52 civil society organisations jointly raised our voices to the European Commission to demand that the proposed EU Regulation on child sexual abuse complies with EU fundamental rights and freedoms.

Tackling the online dissemination of child sexual abuse and exploitation material (CSAM) is an important part of the broader global fight to protect young people from sexual abuse and exploitation. In particular, this fight requires a comprehensive approach by governments and companies to prevent such egregious crimes before they happen. In the context of the upcoming EU legislation to effectively tackle child abuse, we urge the Commission to ensure that people’s private communications do not become collateral damage of the forthcoming legislation.

As the shocking events of past weeks have emphasised, privacy and safety are mutually reinforcing rights. People under attack depend on privacy-preserving technologies to communicate with journalists, to coordinate protection for their families, and to fight for their safety and rights. Equally in peacetime, people’s ability to communicate without unjustified intrusion – whether online or offline – is vital for their rights and freedoms, as well as for the development of vibrant and secure communities, civil society and industry.

We, the undersigned 52 organisations, strongly believe that we need to work together to find long-term solutions to the dissemination of CSAM online which are based in evidence and are respectful of all fundamental rights and the rule of law:

European Digital Rights (EDRi) (International)
ApTI (Romania)

ARTICLE 19 (International)
Associação Portuguesa para a Promoção da Segurança da Informação (Portugal)
Big Brother Watch (UK)

Bits of Freedom (The Netherlands)

Centre for Democracy & Technology (CDT) (International)

Chaos Computer Club (CCC) (Germany)
Committee to Protect Journalists (CPJ) (International)
Cryptoparty Köln-Bonn (Germany)
Data Rights (The Netherlands / European) (Sweden)

Defend Digital Me (UK)

Derechos Digitales (International)
Deutscher Anwaltverein (DAV) (Germany)

Deutsche Vereinigung für Datenschutz (DVD) (Germany)

DieDatenschützerRheinMain (Germany)
Digitalcourage (Germany)

Digitale Gesellschaft (Germany)

Državljan D/Citizen D (Slovenia)

EURAFRI Networking (International)
European Federation of Journalists (European)
Electronic Frontier Foundation (EFF) (International)

Electronic Frontier Finland (Effi)
Electronic Frontier Norway (EFN)
Electronic Privacy Information Center (EPIC) (United States)
Entropia (Germany)
European Center for Not-for-Profit Law (ECNL)

European Sex Workers’ Rights Alliance (ESWA)

Foundation for Information Policy Research (FIPR) (UK / European)

Global Voices (the Netherlands / International)

Global Forum for Media Development (International)
Giordano Bruno Foundation (Germany)
Homo Digitalis (Greece)

Internet Society Catalan Chapter (ISOC-CAT) (European)

Irish Council for Civil Liberties (ICCL) (Ireland)
ISOC Brazil – Brazil Chapter of the Internet Society (Brazil)

IT-Pol Denmark

LGBT Technology Partnership (International)

Ligue des droits humains (Belgium)

Mnemonic (Germany / International)

Open Governance Network for Europe

Open Rights Group (ORG) (UK)

pEp Foundation (Switzerland)
Privacy and Access Council of Canada

Privacy International (PI)

Ranking Digital Rights (International)
SaveTheInternet (Germany)
StopACTA2 (Poland)
Tech for Good Asia
TOPIO – public space for privacy
(Germany) (The Netherlands)


Please note that this letter was originally published on 17 March 2022 with 35 signatory organisations, and has been updated to reflect the additional signatures that also joined, reaching a total of 52. As the European Commission has now put forward their legislative proposal, this letter has now been superceded by a more recent civil society letter calling to withdraw the proposed CSA Regulation.

Read more

A beginner’s guide to EU rules on scanning private communications: Part 1

In July 2021, the European Parliament and EU Council agreed temporary rules to allow webmail and messenger services to scan everyone’s private online communications. In 2022, the European Commission will propose a long-term version of these rules. In the first installment of this EDRi blog series on online ‘CSAM’ detection, we explore the history of the file, and why it is relevant for everyone’s digital rights.

Read more


A beginner’s guide to EU rules on scanning private communications: Part 2

Vital EU rules on human rights and on due process protect all of us from unfair, arbitrary or discriminatory interference with our privacy by states and companies. As we await the European Commission’s proposal for a law which we fear may make it mandatory for online chat and email services to scan every person’s private messages all the time, which may constitute mass surveillance, this blog explores what rights-respecting investigations into child sexual abuse material (CSAM) should look like instead.

Read more


Chat control: 10 principles to defend children in the digital age

The automated scanning of everyone’s private communications, all of the time, constitutes a disproportionate interference with the very essence of the fundamental right to privacy. It can constitute a form of undemocratic mass surveillance, and can have severe and unjustified repercussions on many other fundamental rights and freedoms, too.

Read more


Private communications are a cornerstone of democratic society and must be protected in online CSAM legislation

On 17 March 2022, EDRi and 34 other civil society organisations jointly raised our voices to the European Commission to demand that the forthcoming EU ‘Legislation to effectively tackle child sexual abuse’ complies with EU fundamental rights and freedoms. We are seriously concerned that the draft law does not meet the requirements of proportionality and legitimacy that are rightly required of all EU laws, and would set a dangerous precedent for mass spying on private communications.

Read more


CSA Regulation Document Pool

This document pool contains updates and resources on the EU's proposed 'Regulation laying down rules to prevent and combat child sexual abuse' (CSA Regulation)

Read more


European Commission’s online CSAM proposal fails to find right solutions to tackle child sexual abuse

Today, 11 May, is a worrying day for every person in the EU who wants to send a message privately without exposing their personal information, like chats and photos, to private companies and governments. The European Commission has adopted its “Regulation laying down rules to prevent and combat child sexual abuse” material online, including measures which put the vital integrity of secure communications at risk.

Read more


Private and secure communications attacked by European Commission’s latest proposal

On 11 May, the European Commission put forward a proposal for a ‘Regulation laying down rules to prevent and combat child sexual abuse’ to replace the interim legislation that EDRi fought against last year. In our immediate reaction, EDRi warned that the new proposal creates major risks for the privacy, security and integrity of private communications, not just in the EU, but globally. Here, we unpack a bit more about the legislative proposal, and why we are so concerned.

Read more