This Commission Implementing Regulation establishes a standardized form for reporting personal data processing by providers of number-independent interpersonal communications services in their efforts to combat online child sexual abuse. The regulation implements specific reporting requirements under Regulation (EU) 2021/1232.The regulation consists of two main parts: the legal basis and requirements (Articles 1-2) and a detailed Annex containing the standard reporting form. The form is structured into nine main categories covering various aspects of data processing and reporting.The standard form requires detailed reporting on:
- Types and volumes of processed data, including metadata and content data
- Legal grounds for processing and data transfers outside the EU
- Statistics on identified cases of child sexual abuse material (CSAM)
- Information about user complaints and their resolution
- Error rates in detection technologies
- Measures to limit errors
- Data retention policies and protection safeguards
- Organizations with which data is shared
The form requires extensive statistical data, particularly distinguishing between EU and non-EU users, known and new CSAM cases, and different types of content (images, videos, text). It also demands detailed information about internal redress mechanisms, judicial complaints, and measures taken to ensure accuracy in detection systems.
