2 minute read
4.4 Conditions for the issuance of detection orders
assumed that each and every provider will seek to avoid the issuance of a detection order in order to preserve the confidentiality of communications of its users by applying the most effective, but least intrusive mitigation measures, especially where such mitigation measures interfere with the provider’s freedom to conduct a business according to Article 16 of the Charter.
30. The EDPS and EDPB would like to stress that procedural safeguards can never fully replace substantive safeguards. Thus, the complex process leading to the possible issuance of a detection order described above should be accompanied by clear substantive obligations. The EDPB and EDPS consider that the Proposal lacks clarity on several key elements (e.g. the notions of ‘significant risk’, ‘appreciable extent’, etc.), which cannot be remedied by the presence of multiple layers of procedural safeguards. This is all the more relevant in light of the fact that the entities in charge of applying those safeguards (e.g., providers, judicial authorities, etc.) enjoy a wide margin of appreciationon how to balance the rights at stake in each individual case. In view of the extensive interferences with fundamental rights that would stem from the adoption of the Proposal, the legislator should make sure that the Proposal provides more clarityas to when and where such interferences are allowed. While acknowledging that legislative measures cannot be too prescriptive and must leave some flexibility in their practical application, the EDPB and EDPS consider that the current text of the Proposal leaves too much room for potential abuses due to the absence of clear substantive norms.
Advertisement
31. Given the potential significant impact on a very large number of data subjects(i.e., potentially all users of interpersonal communications services), the EDPB and EDPS stress the need of a high level of legal certainty, clarity and foreseeability of the legislation in order to ensure that the proposed measures are genuinely effective in achieving the objective they pursue and at the same time are the least detrimental to the fundamental rights at stake.
4.4 Conditions for the issuance of detection orders
32. Article 7 of the Proposal provides that the Coordinating Authority of establishment will have the power to request the competent judicial authority or another independent administrative authority of that Member State to issue a detection order requiring a provider of hosting services or a provider of interpersonal communications services to take the measures specified in Article 10 to detect online child sexual abuse on a specific service.
33. The EDPB and EDPS take due account of the following elements to be fulfilled prior to the issuance of a detection order:
a. there is evidence of a significant risk of the service being used for the purpose of online child sexual abuse, within the meaning of Article 7, paragraphs 5, 6 or 7, as applicable;
b. the reasons for issuing the detection order outweigh the negative consequences for the rights and legitimate interests of all parties affected, having regard in particular to the need to ensure a fair balance between the fundamental rights of those parties.
34. The meaning of significant risk is specified at paragraph5 and following of Article 7, depending on the type of detection order under consideration. Significant risk shall be assumed in the case of detection orders regarding the detection of known CSAM if:
a. it is likely, despite any mitigation measures that the provider may have taken or will take, that the service is used, to an appreciable extent for the dissemination of known child sexual abuse material; and
