A vote scheduled today to amend a draft law that may require WhatsApp and Signal to scan people’s pictures and links for potential child sexual abuse material was removed from European Union countries’ agenda, according to three EU diplomats.
Ambassadors in the EU Council were scheduled to decide whether to back a joint position on an EU regulation to fight child sexual abuse material (CSAM). But many EU countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain or oppose the law over cybersecurity and privacy concerns.
“In the last hours, it appeared that the required qualified majority would just not be met,” said an EU diplomat from the Belgian presidency, which is spearheading negotiations until end June as chair of the EU Council.
The draft law, proposed in 2022, has drawn controversy for potentially forcing messaging apps to scan all images and links to find and report child abuse material and conversations between potential offenders and minors, known as grooming. Privacy groups have cried foul over the law, saying it effectively breaks end-to-end encrypted messaging.
European Commission Vice President Věra Jourová said Thursday the Commission’s original proposal meant “that even encrypted messaging can be broken for the better protection of children.”
The Belgian Council presidency has been trying for the last six months to solve a deadlock among EU countries to move negotiations forward to finalize the law.
Some EU heavyweights like Germany and Poland have backed privacy experts’ warnings that it threatens privacy. Others like Ireland and Spain have insisted on the need for a strong law to monitor online content amid a spike in child sexual abuse material since the pandemic.
Under the Belgians’ plan, obtained by POLITICO earlier, messaging apps would scan pictures and links when users upload them via their services, and users would be informed of this under the terms and conditions. Users who refused the regime would be blocked from sending pictures and links.
Highly secure apps using end-to-end encryption like WhatsApp, Signal and Messenger would also have to respect such measures. The draft proposal however exempted “accounts used by the State for national security purposes.”
Once EU countries agree on a joint position, they will still have to negotiate the final version of the law with the European Parliament and European Commission. Parliament has taken a more privacy-friendly stance in its own version of the law adopted in November 2023.