Derogations from e-Privacy Directive for combating online child sexual abuse

Time-bound derogations from e-Privacy Directive for number-independent interpersonal communications services for combating online child sexual abuse


In a move intended to level the playing field’ between ‘over-the-top’ and traditional, number-dependent telcoms services applying regulation to voice over internet protocol, messaging and e-mail services, the European Electronic Communications Code Directive of 2018 broadened the relevant legislative framework by including number-independent interpersonal communications services under its scope of applicability.

The Code, which has been transposed into Maltese national law, has additionally extended the applicability of the provisions of the e-Privacy Directive to these services. This means that number-independent interpersonal communications services are now bound to protect the confidentiality of communications (article 5(1) of the e-Privacy Directive), and to erase or anonymise traffic data once this data is no longer necessary for the purpose of the transmission of a communication (article 6(1) of the e-Privacy Directive).

In the interest of countering online child sexual abuse, which is a declared priority for the EU, and taking into account that certain service providers already enacted voluntary measures in this respect within the boundaries of the GDPR, the European Parliament and of the Council adopted Regulation (EU) 2021/1232. This Regulation provides for temporary limited derogations from articles 5(1) and 6(1) of the e-Privacy Directive in order to enable number-independent interpersonal communications services – referred to as service providers – to use specific technologies for processing personal data to detect online child sexual abuse on their services and report it, and to remove online child sexual abuse material from their services.

The derogations of Regulation (EU) 2021/1232 are subject to stringent conditions and deadlines. Service providers based in Malta which plan to make use of technologies for the processing of personal and other data for the purpose of combating online child sexual abuse are guided to contact the Office of the Information and Data Protection Commissioner as soon as possible to obtain the necessary advice and assistance.

Article by Marco Miozzi

Skip to content