This Commission Implementing Regulation establishes a standardized form for reporting personal data processing by providers of number-independent interpersonal communications services in their efforts to combat online child sexual abuse. The regulation is directly linked to Regulation (EU) 2021/1232 and aims to ensure uniform data collection across the EU.The regulation consists of two main parts: the legal basis and requirements in Articles 1-2, and a detailed Annex containing the standard reporting form. The form is structured into nine main categories covering various aspects of data processing and reporting.The standard form requires detailed reporting on:
- Types and volumes of processed data, including metadata and content data
- Legal grounds for processing and data transfers outside the EU
- Statistics on identified cases of child sexual abuse (both known and new CSAM)
- Information about user complaints and their resolution
- Error rates in detection technologies
- Measures to limit errors
- Data retention policies and protection safeguards
- Organizations with which data is shared
The form requires separate reporting for EU and non-EU users, and distinguishes between different types of content (images, videos, text). It also mandates detailed reporting on internal redress mechanisms, judicial complaints, and the outcomes of such complaints. The regulation requires providers to report specific measures implemented to protect personal data and ensure accurate detection of illegal content.
