In diesem Artikel sammle ich Informationen rund um die aktuellen Vorgänge innerhalb der EU die möglicherweise zu einer drastischen Einschränkung der Privatsphäre sämtlicher Bürger_innen führen könnten.
- Leak vom 10.Mai 2022: https://twitter.com/presroi/status/1524014880474476544
- Press release 11. Mai 2022: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_2976
- Q&A: https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_2977
- Proposal 11.Mai 2022 https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52022PC0209&from=EN
Das Dokument beginnt mit einem „Explanatory Memorandum“. Hier seien die Punkte „Proportionality“ und „Fundamental Rights“ erwähnenswert. Die Autoren haben sich in letzterem auf den Artikel 52 der EU Charter bezogen, dessen erster Absatz lautet:
„Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.“
Hiermit lässt sich argumentieren, dass die Grundrechte in der EU Charter of fundamental rights Titel 2 Artikel 7 in gewissen Fällen auszuhebeln ist: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12012P/TXT&from=EN#d1e182-393-1
Chapter 1 Article 1
General Provisions – Subject matter and scope
1. This Regulation lays down uniform rules to address the misuse of relevant information society services for online child sexual abuse in the internal market.
It establishes, in particular:
- (a) obligations on providers of relevant information society services to minimise the risk that their services are misused for online child sexual abuse;
- (b) obligations on providers of hosting services and providers of interpersonal communication services to detect and report online child sexual abuse;
- (c) obligations on providers of hosting services to remove or disable access to child sexual abuse material on their services;
- (d) obligations on providers of internet access services to disable access to child sexual abuse material;
- (e) rules on the implementation and enforcement of this Regulation, including as regards the designation and functioning of the competent authorities of the Member States, the EU Centre on Child Sexual Abuse established in Article 40 (‘EU Centre’) and cooperation and transparency.
2. This Regulation shall apply to providers of relevant information society services offering such services in the Union, irrespective of their place of main establishment.
3. This Regulation shall not affect the rules laid down by the following legal acts: […]
4. This Regulation limits the exercise of the rights and obligations provided for in 5(1) and (3) and Article 6(1) of Directive 2002/58/EC insofar as necessary for the execution of the detection orders issued in accordance with Section 2 of Chapter 1 of this Regulation.
[Anmerkung: Definitionen der Fachbegriffe befinden sich in Artikel 2. Diese verweisen auf EU Regulationen etc.]
Article 10 – Technologies and Safeguards
In diesem Abschnitt werden die technischen Maßnahmen beschrieben:
1. Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable, using the corresponding indicators provided by the EU Centre in accordance with Article 46.
2. The provider shall be entitled to acquire, install and operate, free of charge, technologies made available by the EU Centre in accordance with Article 50(1), for the sole purpose of executing the detection order. The provider shall not be required to use any specific technology, including those made available by the EU Centre, as long as the requirements set out in this Article are met. The use of the technologies made available by the EU Centre shall not affect the responsibility of the provider to comply with those requirements and for any decisions it may take in connection to or as a result of the use of the technologies.
3. The technologies shall be:
(a) effective in detecting the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable;
(b) not be able to extract any other information from the relevant communications than the information strictly necessary to detect, using the indicators referred to in paragraph 1, patterns pointing to the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable;
(c) in accordance with the state of the art in the industry and the least intrusive in terms of the impact on the users’ rights to private and family life, including the confidentiality of communication, and to protection of personal data;
(d) sufficiently reliable, in that they limit to the maximum extent possible the rate of errors regarding the detection.
4. The provider shall:
(a) take all the necessary measures to ensure that the technologies and indicators, as well as the processing of personal data and other data in connection thereto, are used for the sole purpose of detecting the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable, insofar as strictly necessary to execute the detection orders addressed to them;
(b) establish effective internal procedures to prevent and, where necessary, detect and remedy any misuse of the technologies, indicators and personal data and other data referred to in point (a), including unauthorized access to, and unauthorised transfers of, such personal data and other data;
(c) ensure regular human oversight as necessary to ensure that the technologies operate in a sufficiently reliable manner and, where necessary, in particular when potential errors and potential solicitation of children are detected, human intervention;
(d) establish and operate an accessible, age-appropriate and user-friendly mechanism that allows users to submit to it, within a reasonable timeframe, complaints about alleged infringements of its obligations under this Section, as well as any decisions that the provider may have taken in relation to the use of the technologies, including the removal or disabling of access to material provided by users, blocking the users’ accounts or suspending or terminating the provision of the service to the users, and process such complaints in an objective, effective and timely manner;
(e) inform the Coordinating Authority, at the latest one month before the start date […]
(f) regularly review the functioning of the measures […]
5. The provider shall inform users in a clear, prominent and comprehensible way of the following: […]
The provider shall not provide information to users that may reduce the effectiveness of the measures to execute the detection order.
6. Where a provider detects potential online child sexual abuse through the measures taken to execute the detection order, it shall inform the users concerned without undue delay, after Europol or the national law enforcement authority of a Member State that received the report pursuant to Article 48 has confirmed that the information to the users would not interfere with activities for the prevention, detection, investigation and prosecution of child sexual abuse offences.
Im weiteren beschreibt das Proposal noch was geschickt werden soll und unter welchen Umständen
- EU Abgeordneter Patrik Breyer: https://www.patrick-breyer.de/beitraege/nachrichtendurchleuchtung/
- Morpheus VLOG auf Youtube
- Bugs in our pockets: https://arxiv.org/abs/2110.07450
Was machen wir?
Zunächst habe ich das Thema mal zu unserem Backlog hinzugefügt, siehe Protokoll 2022-05-20 Kreis 01 JFX.
Zuletzt bearbeitet am 27. Mai 2022 von Adrian Kowar