The European Commission has again been urged to more fully disclose its dealings with private technology corporations and other stakeholders, in relation to a controversial piece of tech policy that would see a law mandate the scanning of European Union residents’ private messages in a bid to detect child sexual abuse material (CSAM).
The issue is of note as concerns have been raised about lobbying by the tech industry influencing the Commission’s drafting of the controversial CSAM-scanning proposal. Some of the information withheld pertains to correspondence between the EU and private firms that might be potential suppliers of CSAM-scanning technology — meaning they stand to gain commercially from any pan-EU law mandating message scanning.
The preliminary finding of maladministration by the EU’s ombudsman, Emily O’Reilly, was reached on Friday and made public on its website yesterday. Back in January, the ombudsman came to the same conclusion — inviting the Commission to reply to its concerns. Its latest findings consider the EU executive’s responses and invite the Commission to reply to its recommendations with a “detailed opinion” by July 26 — so the saga isn’t over yet.
The draft CSAM-scanning law, meanwhile, remains on the table with EU co-legislators — despite a warning from the Council’s own legal service that the proposed approach is illegal. The European Data Protection Supervisor and civil society groups have also warned the proposal represents a tipping point for democratic rights within the EU. And back in October, lawmakers in the European Parliament who are also against the Commission’s direction of travel proposed a substantially revised draft that aims to place limits on the scope of the scanning. But the ball is in the Council’s court as Member States’ governments have yet to decide on their own negotiating position for the file.
Despite growing alarm and opposition across a variety of EU institutions, the Commission has continued to stand behind the controversial CSAM detection orders — ignoring warnings from critics that the law could force platforms to deploy client-side scanning, with dire implications for European web users’ privacy and security.
An ongoing lack of transparency vis-à-vis the EU executive’s decision-making process when it drafted the contentious law hardly helps — fueling concerns that certain self-interested industrial interests may have had a role in shaping the original proposal.
Since December, the EU’s ombudsman has been considering a complaint by a journalist who sought access to documents pertaining to the CSAM regulation and the EU’s “associated decision-making process”.
After reviewing information the Commission withheld, together with its defence for the non-disclosure, the ombudsman remains largely unimpressed with the level of transparency on show.
The Commission released some data following the journalist’s request for public access but withheld 28 documents entirely and, in the case of an additional five, partially redacted the information — citing a variety of exemptions to deny disclosure, including public interest as regards public security; the need to protect personal data; the need to protect industrial interests; the need to protect legal advice; and the need to protect its decision-making.
According to information released by the ombudsman, five of the documents linked to the complaint pertain to “exchanges with interest representatives from the technology industry”. It doesn’t list which companies were corresponding with the Commission, but U.S.-based Thorn, a maker of AI-based child safety tech, was linked to lobbying on the file in an investigative report by BalkanInsights last September.
Other documents in the bundle that were either withheld or redacted by the Commission include drafts of its impact assessment when preparing the law; and comments from its legal service.
With regard to information pertaining to the EU’s correspondence with tech companies, the ombudsman questions many of the Commission’s justifications for withholding the information — finding, for instance in the case of one of these documents, that while the EU’s decision to redact details of the information exchanged between law enforcement and a number of unnamed companies may be justified on public security grounds, there is no clear reason for it to withhold the names of the companies themselves.
“It is just not readily clear how disclosure of the names of the businesses concerned could possibly undermine public security, if the knowledge exchanged between the businesses and law enforcement has been redacted,” wrote the ombudsman.
In another instance, the ombudsman takes issue with apparently selective information releases by the Commission pertaining to input from tech industry reps, writing that: “From the very general reasons for non-disclosure the Commission provided in its confirmatory decision, it is just not clear why it considered the withheld ‘preliminary options’ to be more sensitive than people who it had decided to open up to the complainant.”
The ombudsman’s conclusion at this point of the investigation repeats its earlier finding of maladministration on the Commission for its refusal to give “wide public access” to the 33 documents. In her recommendation, O’Reilly also writes: “The European Commission should re-consider its position on the access request with a view to providing significantly increased access, taking into consideration the Ombudsman’s considerations shared on this suggestion.”
The Commission was contacted about the ombudsman’s latest findings on the complaint but at press time it had not provided a response.