The European Commission is again under pressure to more fully disclose its dealings with private technology companies and other stakeholders in relation to controversial technology policies. The technology policy could make it mandatory for European Union citizens to have their private messages scanned by law. Child Sexual Abuse Materials (CSAM).
The issue is notable because concerns have been raised that lobbying by the technology industry is influencing the European Commission's drafting of the controversial CSAM scan proposal. Some of the information being withheld relates to communications between the EU and private companies that could be potential suppliers of CSAM scanning technology. This means companies stand to benefit commercially from pan-EU legislation that mandates message scanning.
The EU's ombudsman Emily O'Reilly's preliminary finding of maladministration was obtained on Friday and published on its website yesterday. Back in January, the Ombudsman reached a similar conclusion and asked the Commission to respond to its concerns. The latest findings factor in the reaction of the EU Executive, which calls on the European Commission to provide a “detailed opinion” on its recommendations by July 26, but this story is not yet complete. It is not over.
Meanwhile, the draft CSAM scanning bill remains in discussion with EU co-legislators, despite warnings from the Council's own legal department that the proposed approach is illegal. European data protection regulators and civil society groups have also warned that the proposal marks a turning point for democratic rights in the EU. Meanwhile, back in October, members of the European Parliament, who also oppose the European Commission's travel direction, proposed significant draft amendments aimed at placing limits on the scope of scans. However, the ball is in the Council's court as member governments have yet to decide on their own negotiating positions on the file.
Despite growing alarm and opposition in many EU institutions, the European Commission continues to support the controversial CSAM detection directive. The law could force platforms to introduce client-side scanning, ignoring warnings from critics that it could have a dire impact on European web users. “Privacy and Security.
It hardly helps that there is a continued lack of transparency regarding the decision-making process of the EU Executive in drafting this controversial bill, suggesting that certain self-serving commercial interests were involved in shaping the original proposal. This is fueling concerns that this may have happened.
Since December, the EU's ombudsman has been considering a complaint by a journalist seeking access to documents related to the CSAM regulation and the EU's “relevant decision-making processes”.
The Ombudsman is largely unimpressed by the level of transparency shown after considering the information withheld by the Commission and its defenses.
The commission released some data in response to a journalist's request for public access, but it completely withheld 28 documents and partially redacted information on a further five – public security concerns. It listed a wide range of exceptions to refusals to disclose, including: The need to protect personal data. The need to protect commercial interests. The need to protect legal advice. and the need to protect that decision-making.
According to information released by the ombudsman, five of the documents related to the complaint concerned “interactions with technology industry interest representatives.” Although it does not say which companies were responding to the commission, a BalkanInsights investigative report from September last year said US-based Thorne, a maker of AI-based child safety technology, was implicated in lobbying on the file. It was said that he was doing so.
Other documents withheld or redacted by the committee include draft impact assessments during the drafting of the bill. and comments from legal services.
When it comes to information on the EU's interactions with tech companies, the Ombudsman questions many of the Commission's justifications for withholding data. For example, in the case of one of these documents, the EU took the decision to redact the details of the document, whereas the information exchanged between law enforcement agencies and a number of anonymous companies was subject to public security reasons. Although this may be justified, there is no clear reason to hide the company name itself.
“If the information exchanged between companies and law enforcement agencies is redacted, it is not immediately clear how disclosing the names of the companies involved could compromise public safety. ” writes the ombudsman.
In another example, the Ombudsman objected to the Commission's apparently selective disclosure of information relating to input from technology industry representatives, writing: She considered the “reserve options” that were withheld to be more sensitive than those that she decided to disclose to the complainant. ”
The Ombudsman's conclusions at this point in the investigation reiterate previous findings of mismanagement by the commission, which refused to grant “broad public access” to 33 documents. In his recommendation, O'Reilly said: “The Commission should reconsider its position on access requests, taking into account the Ombudsman's considerations shared in this recommendation, with a view to providing significantly increased access. “You should,” he wrote.
The commission was contacted about the Ombudsman's latest findings on the charges, but did not receive a response at the time of writing.