Dataskyddet och Chat Control : Om obligatorisk spårning av interpersonell kommunikation i syfte att motverka och bekämpa barnpornografi och grooming på nätet

Sammanfattning: The fundamental problem of data protection and digitization is the conflict betweenthe individual’s interest of being protected against unauthorised intrusioninto their privacy and the ability and the interest of the state or other actors touse personal information for various specified purposes to ensure the protectionof other rights. The protection of vulnerable persons such as childrens’ onlinesafety is one of the interests that must be prioritized to ensure a safe online environment.In the EU, private actors providing interpersonal communication servicessuch as Facebook Messenger, Instagram, Signal and e-mail services, mustcomply with the provisions stipulated in the GDPR and the ePrivacy Directivewhen processing personal data in order to offer their users a confidential communicationon their services. Some of the service providers already use technologiesto track and monitor natural persons communications with the purpose toprevent and combat child sexual abuse online on the basis of an exemption fromthe ePrivacy Directive, the Interim Regulation. The purpose of this thesis is toexamine the various rules that apply to private actors providing interpersonalcommunication services in Europe according to existing regulation regarding theprotection of users’ personal data when tracking and monitoring communication.This year, the European Commission presented their proposal for a ChatControl Regulation that obliges the service providers to monitor all their services,even the encrypted communication, and share the data with multiple authorities.The proposed regulation is supposed to be applied parallel to the GDPR and theePrivacy Directive while also constituting a limitation to the fundamental rightsin Article 7 and Article 8 of the European Charter which are protected by theGDPR and the ePrivacy Directive.Generally, all actors processing personal data must comply with relevant dataprotection regulation. Therefore, the purpose of this thesis is also to examine towhat extent existing, relevant data protection regulation must be complied withwhen implementing a Chat Control Regulation where the actors are forced toprocess large quantities of personal data. The impact on the individual’s integrityis examined with regard to technical functions, such as AI and encryption, triggeredby the Chat Control Regulation.As the proposed regulation contains shortcomings regarding the fundamentalprovisions of the GDPR and the ePrivacy Directive, an analysis of the limitationsto Article 7 and Article 8 in the European Charter is required. Therefore, thepurpose is to examine whether the proposed regulation in its current shape andform respects the essence of the rights in accordance with Article 52.1 in theEuropean Charter.