In [1], pages 10 and 11 are the actual directive, the rest is the reasoning. And, although I don't know the previous directives and regulations, it reads as if this is essentially an extension of an exception to the ePrivacy directive for another five years.
Birgit Sippel says in her statement to the president of the parliament [2]:
> Dieses Gesetz ist eine Übergangslösung für drei Jahre. Die Kommission hatte versprochen, noch vor der Sommerpause einen neuen, dauerhaften Rahmen für die Aufdeckung von Kindesmissbrauch vorzuschlagen. Jetzt dauert es noch bis September oder Oktober. Dafür erwarte ich einen deutlich verbesserten Vorschlag. Die langfristige Lösung muss sich mindestens an den Datenschutzgarantien der temporären Lösung orientieren. Sie muss zwingend Lösungen für das gezieltere Scannen privater Kommunikation finden, sonst wird sie vor nationalen und europäischen Gerichten kaum Bestand haben.
Translated (by myself):
> This law is a short term solution for three years. The commission promised a permanent solution to combat child abuse before the summer break. Now, this will take until September or October. Thus, I await a much better proposal. The long term solution must have at least the same guarantees for data protection as the short term solution. It [the long term solution] must have solutions for purposeful/targeted ("gezielt") scanning of private communication, otherwise it will not hold up in front of national or European courts.
So maybe things do not change that much right now.
But back to [1], I am especially curious about article 3(e):
> the provider annually publishes a report on its related processing, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied
Do you know if and where such statistics are published? (today?)
People react strongly to such things because we’ve all lived long enough to see new powers targeted at bad actors eventually abused by law enforcement.
It's not overblown. The horror that is the "Patriot Act" was temporary, until it wasn't. It only expired in December 2020, 19 years later, because Trump threatened to veto it if he didn't get his way, and as a result it expired because nobody chose to vote on it. If I was a betting man, I would assume it's still in use even when expired.
Birgit Sippel says in her statement to the president of the parliament [2]: > Dieses Gesetz ist eine Übergangslösung für drei Jahre. Die Kommission hatte versprochen, noch vor der Sommerpause einen neuen, dauerhaften Rahmen für die Aufdeckung von Kindesmissbrauch vorzuschlagen. Jetzt dauert es noch bis September oder Oktober. Dafür erwarte ich einen deutlich verbesserten Vorschlag. Die langfristige Lösung muss sich mindestens an den Datenschutzgarantien der temporären Lösung orientieren. Sie muss zwingend Lösungen für das gezieltere Scannen privater Kommunikation finden, sonst wird sie vor nationalen und europäischen Gerichten kaum Bestand haben.
Translated (by myself): > This law is a short term solution for three years. The commission promised a permanent solution to combat child abuse before the summer break. Now, this will take until September or October. Thus, I await a much better proposal. The long term solution must have at least the same guarantees for data protection as the short term solution. It [the long term solution] must have solutions for purposeful/targeted ("gezielt") scanning of private communication, otherwise it will not hold up in front of national or European courts.
So maybe things do not change that much right now.
But back to [1], I am especially curious about article 3(e): > the provider annually publishes a report on its related processing, including on the type and volumes of data processed, number of cases identified, measures applied to select and improve key indicators, numbers and ratios of errors (false positives) of the different technologies deployed, measures applied to limit the error rate and the error rate achieved, the retention policy and the data protection safeguards applied
Do you know if and where such statistics are published? (today?)
[2]: https://www.europarl.europa.eu/doceo/document/CRE-9-2021-07-...