The European Union's privacy watchdogs on Friday criticised proposed rules to combat online child sexual abuse, saying their potential impact on individuals' privacy and personal data posed risks for fundamental rights and could harm the children they aim to protect.
Under regulations proposed by the EU's executive in May, Google, Meta and other online service providers would be required to find, remove and report online child pornography.
Companies that fail to comply with the rules would face fines up to 6% of their annual income or global turnover.
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) said the European Commission's proposal could present more risks to individuals and society at large than to criminals pursued for child sexual abuse material.
"There can be no doubt that child sexual abuse is a most abhorrent crime that demands swift and effective action, but the proposal as it stands contains some serious shortcomings," EDPB Deputy Chair Ventsislav Karadjov said in a statement.
The two independent EU bodies said the proposal lacked legal certainty, endangered end-to-end encryption and could lead to detection orders that harm those they seek to protect by exposing children to monitoring or eavesdropping.
The rules would apply to hosting services and interpersonal communication services such as messaging services, app stores and internet access providers.
The European Commission said its proposal aimed to replace a system of voluntary detection and reporting by companies that had proven to be insufficient to protect children.
It cited the more than one million reports of child sexual abuse in the 27-country bloc in 2020, with the COVID-19 pandemic a factor in the 64% rise in such reports in 2021 compared with the previous year. On top of that, 60% of child sexual abuse material worldwide is hosted on EU servers.
(Reporting by Charlotte Van Campenhout and John Chalmers; Editing by Hugh Lawson)