Tech companies call for CISM ePrivacy derogation legal certainty

Google, Meta, Microsoft, and Snap have issued a joint statement criticising EU lawmakers for failing to renew the temporary ePrivacy derogation, which expired on 3 April, that allowed technology companies to automatically scan platforms for child sexual abuse material (CSAM). The companies argue that the situation creates legal uncertainty and risks leaving children worldwide less protected.

For years, platforms have used voluntary measures, including hash-matching technology, to detect, remove, and report illegal content. 

Despite the lapse of the derogation, the tech companies reaffirmed their commitment to child safety and privacy, stating that they would continue to take voluntary action across their interpersonal communication services to disrupt the exploitation of minors. However, they have urged EU institutions to conclude negotiations on a long-term regulatory framework as a matter of urgency to restore legal certainty.

In an update during a briefing on Tuesday, European Commission spokespeople declined to confirm whether tech companies continuing to scan for CSAM are breaching EU law, citing a desire not to speculate.  

Training Announcement: The IAPP Certified Information Privacy Technologist (CIPT) is a privacy-focused professional IT certificate from the IAPP that addresses data protection requirements and controls within complex technological environments. It explores the data lifecycle, privacy risk models and frameworks, the principles of Privacy by Design, and the role of privacy-enhancing technologies within the organisation. Find out more.