Ref. Ares(2021)7173692 - 22/11/2021
Head of Cabinet Åsa Webber
MEETING WITH JANE HORVATH, CHIEF PRIVACY
OFFICER AT APPLE
07 September 2021, 10:00
Table of contents
1. Scene setter
2. Main messages
You will participate in a meeting with Jane Horvath, Chief Privacy Officer at Apple. The
meeting will focus on discussing Apple’s announcement in August of new child safety
1. To detect known CSAM images
: on-device hashing and matching of images when
they are uploaded to iCloud;
2. To fight grooming
: –detection of nudity in images sent to or from a device used by
children and alert to parents;
3. Updates to Siri and Search to provide parents and children with information when
they encounter unsafe situations and to intervene when users search for CSAM.
The announced detection of known CSAM has a number of limitations: it does not cover videos
(which constituted half of the material reported last year), a report is sent only after 30 images
have matched (and human review has confirmed them as CSAM), matching only
happens when the image is uploaded
to iCloud (i.e. no detection if the user has deactivated
iCloud backup or is downloading from iCloud), and this will be deployed in the US only
Apple announced on 3 September that it wil delay the deployment of the above “to collect
input and make improvements before releasing these critically important child safety
The meeting is also an opportunity to attract attention on another recent initiative branded by
apple as “Private Relay”. Apple Relay should be deployed in the near future on new Apple
devices, and will channel the internet traffic of Apple users through encrypted gateways
managed by the company. This new feature is likely to hamper the ability to detect and
investigate il egal activities online as communication providers won’t be in position anymore
to identify users accessing certain websites (e.g.: terrorism, CSA) or to attend requests to
block illegal content based on national laws implementing EU rules.
Objectives of the meeting:
Underline that industry is a fundamental partner in the fight against child sexual
abuse, particularly when it comes to developing new approaches to deal with new
challenges. Apple’s use of technology to detect child sexual abuse material is an
important step in this direction.
Express concern about the low number of reports submitted by Apple to NCMEC.
Express hope that, with the newly introduced tools, Apple will take a more active role
in reporting of child sexual abuse online.
On our side, we are committed to a comprehensive approach. We have adopted an
overarching EU Strategy for a more effective fight against child sexual abuse, and its
implementation is a key priority for us.
We plan to put forward a long-term proposal which will replace the interim measure
adopted on 14 July 2020. In the forthcoming proposal, we may oblige providers to
detect known child sexual abuse material. We are also considering the establishment
of a European centre to prevent and combat child sexual abuse.
Reiterate the need for close cooperation between industry and public authorities,
through the EU Internet Forum and the We Protect Global Alliance.
Another initiative by Apple branded as “Private relay” also raised concerns. While
“Private Relay” aims at enhancing privacy of Apple costumers, these new features
based on encryption are also likely to hamper the ability to detect and investigate
illegal activities online as it will become very difficult, or impossible, to identify users
accessing certain websites or to attend requests to block illegal content based on
national laws implementing EU rules. It also raises concerns as regards cybersecurity
and network management.
The Commission is currently assessing the overall impact of Private Relay notably
with telecom providers, there is a need to better understand the plan of Apple as
regards the Private Relay initiatives and its possible impact e.g. on Network
management for EU telecommunication providers. Ask Apple to explain the impact on
lawful requests for intercept and other measures involving telecommunications
Pages 5 to 7 are fully deleted.
Jane Horvath became Apple's chief privacy officer in September 2011. She is responsible for
overseeing Apple's compliance with global privacy laws as well as working internally and
externally on developing issues related to privacy.
Prior to her work at Apple, Horvath was global privacy counsel at Google and chief privacy
counsel at the Department of Justice as the first Chief Privacy Counsel and Civil Liberties
At the Department of Justice, she was a member of the High Level Contact Group and leader
of the U.S. delegation of experts tasked with exploring common ground between the
European Union’s Third Pil ar data protection principles and U.S. federal privacy laws.
Prior to the Department of Justice, she also was the General Counsel of Digital City Inc., an
America Online, Inc. (AOL) subsidiary, and Assistant General Counsel at AOL, where she
helped draft the company’s first privacy policies.
Ms. Horvath holds a Bachelor of Science from the College of William and Mary and a Juris
Doctorate from the University of Virginia.