What's New :
Target PT - Prelims Classes 2025. Visit Here
24th June 2024 (12 Topics)

European Union's 'Chat Control' Law

Context

The European Union's proposed 'chat control' law, aimed at combating child sexual abuse online, has sparked controversy due to concerns over privacy and potential undermining of encryption.

Key-highlights of the Proposal

  • Report Title: Regulation on combating child sexual abuse online
  • Proposed by European Commissioner for Home Affairs Ylva Johansson in May 2022
  • Allows for mass scanning of private messages by breaking end-to-end encryption
  • France, Germany, and Poland have opposed the clause on encryption breaking
  • Spain and Ireland's Interior Ministers have supported the proposal
  • A network of children's rights advocates criticize EU leaders for inaction on child sexual abuse

Privacy Concerns

  • End-to-end Encryption: Breaking encryption could create vulnerabilities exploitable by third parties, compromising user privacy.
  • Mass Surveillance: The law could potentially be misused by governments for bulk surveillance of citizens.
  • Precedent Setting: Implementation of such measures in the EU could encourage similar laws in less democratic countries.

Technical Challenges

  • Feasibility Issues: Scanning encrypted messages without compromising security remains a technical challenge.
  • False Positives: Mass scanning could lead to a high rate of false positives, causing unnecessary intrusions.
  • Operational Costs: Implementing and maintaining such systems could be expensive for tech companies.
Impact on Tech Industry
  • Company Resistance: Major tech firms and messaging apps threaten to leave markets if forced to implement such measures.
  • Innovation Hindrance: Stringent regulations could stifle innovation in privacy-preserving technologies.
  • Market Fragmentation: Differing regulations across regions could lead to fragmentation of digital services.
Who are Data Fiduciaries?
  • The government has defined 'data fiduciary' as any person who alone or in conjunction with other persons determines the purpose and means of the processing of personal data. A data fiduciary can process the personal data of a data principal (user) who has given or is deemed to have given her consent.
  • Key features of the New Data protection Bill:
    • Regarding Data protection principles: The current draft removes explicit reference to certain data protection principles such as collection limitation.
      • This would allow a data fiduciary to collect any personal data consented to by the data principal.
  • Concept of ‘Deemed consent’: The DPDP Bill, 2022 also introduces the concept of “deemed consent”.
  • It bundles purposes of processing that were either exempt from consent-based processing or were considered “reasonable purposes” for which personal data processing could be undertaken on the ground of “deemed consent”. 
  • Fines and PenaltiesFor breach of Law; According to the new bill, Companies dealing with the personal data of consumers that fail to take reasonable safeguards to prevent data breaches could end up facing penalties as high as around Rs.200 crore.
    • Under the previous bill, the penalty proposed on a company for violation of the law was 15 crores or 4 percent of its annual turnover, whichever is higher.
  • For intimidating: Penalties are expected to vary based on the nature of non-compliance by data fiduciaries — entities that handle and process the personal data of individuals.
  • Companies failing to notify people impacted by a data breach could be fined around Rs.150 crore, and those failing to safeguard children’s data could be fined close to Rs.100 crore.
  • Administration body: The Data Protection Board, an adjudicating body proposed to enforce the provisions of the Bill, is likely to be empowered to impose the fine after giving the companies an opportunity of being heard.
  • Scope of Data being protected: The new Bill will only deal with safeguards around personal data and is learned to have excluded non-personal data from its ambit.
Mains Practice Question

Q. “Discuss the balance between ensuring online child safety and maintaining user privacy in the context of the European Union’s proposed 'chat control' law.”

X

Verifying, please be patient.

Enquire Now