Data protection supervisor to assess legality of blanket analysis of private communications in search for illegal content

Patrick Breyer (Pirate Party), Member of the European Parliament, has filed a complaint with the data protection authority of Schleswig-Holstein against the practise of large US corporations such as Facebook (Facebook Messenger) and Google (GMail) to generally and indiscrimnately search the content of all private user messages for possible illegal content (“child pornography”).

Patrick Breyer explains: “Using error-prone filtering algorithms on private communications results in the frequent disclosure of completely legal private and intimate sexual or medical images and videos to staff and contractors of US corporations. The responsible employees could illegally disseminate or sell these. Since young people often share intimate photos with each other, company employees could even sell these as ‘child pornography’. This measure endangers the safety and privacy of children and adults alike and must be stopped! We wouldn‘t want the Post Office to open and search all letters as a precautionary measure, would we? Targeted investigations against suspects, including undercover investigations, and sufficient capacities for law enforcement authorities and preventive child protection measures would be the right way forward.”

According to Breyer’s complaint, the general and indiscriminate analysis of private communications content violates the EU‘s General Data Protection Regulation. The ECJ has only recently decided in the La Quadrature du Net case (C-511/18 and C-512/18) that an automated analysis of communications can be proportionate only in the event of an acute threat to national security or limited to the communications of suspected terrorists.

In his letter, Breyer asks the State Commissioner for Data Protection of Schleswig-Holstein, Marit Hansen, for a preliminary legal assessment. A reply is expected in the coming weeks.

Background: The EU seeks to legalise the controversial practise of indiscriminate screening of private communications in a fast-track legislative procedure within a few weeks, and plans to make the screening mandatory next year. Since secure end-to-end encryption makes it impossible to filter message content, the plan has been criticised as an attack on the security of internet communications, which children are also in need of. The blanket analysis of private message content is currently practised by Facebook Messenger, Gmail, Yahoo Messenger, Kik Messenger and Microsoft Xbox. The EU Commission did not want to comment on whether this is in line with the General Data Protection Regulation. Breyer’s complaint seeks to clarify the situation.