Briefing Redacted.pdf

Ref. Ares(2021)7173692 - 22/11/2021
Head of Cabinet Åsa Webber
MEETING WITH JANE HORVATH, CHIEF PRIVACY
OFFICER AT APPLE
07 September 2021, 10:00
Berlaymont
Table of contents
1. Scene setter
2. Main messages
3. Background

SCENE SETTER
You  will  participate  in  a  meeting  with  Jane  Horvath,  Chief  Privacy  Officer  at  Apple.  The
meeting  will  focus  on  discussing  Apple’s  announcement  in  August  of  new  child  safety
features:
1.  To  detect  known  CSAM  images:  on-device  hashing  and matching  of  images  when
they are uploaded to iCloud;
2.  To fight  grooming:  –detection  of  nudity  in  images  sent to  or from  a  device  used  by
children and alert to parents;
3.  Updates  to  Siri  and  Search  to  provide  parents  and  children  with  information  when
they encounter unsafe situations and to intervene when users search for CSAM.






The  announced  detection  of  known  CSAM  has  a  number  of  limitations:  it  does  not  cover
videos (which constituted half of the material reported last  year), a report is sent only after
30 images have matched (and human review has confirmed them as CSAM), matching only
happens when the image is uploaded to iCloud (i.e. no detection if the user has deactivated
iCloud backup or is downloading from iCloud), and this will be deployed in the US only.

Apple  announced  on  3  September  that  it  wil   delay  the  deployment  of the  above  “to  collect
input  and  make  improvements  before  releasing  these  critically  important  child  safety
features”.
The meeting is also an opportunity to attract attention on another recent initiative branded by
apple  as  “Private  Relay”.  Apple  Relay  should  be  deployed  in  the  near future on  new  Apple
devices,  and  will  channel  the  internet  traffic  of  Apple  users  through  encrypted  gateways
managed  by  the  company.  This  new  feature  is  likely  to  hamper  the  ability  to  detect  and
investigate il egal activities online as communication providers won’t be in position anymore
to  identify  users  accessing  certain  websites  (e.g.:  terrorism,  CSA)  or  to  attend  requests  to
block illegal content based on national laws implementing EU rules.
Objectives of the meeting:



Page 2 of 6

MAIN MESSAGES


  Underline  that  industry  is  a  fundamental  partner  in  the  fight  against  child  sexual
abuse,  particularly  when  it  comes  to  developing  new  approaches  to  deal  with  new
challenges.  Apple’s  use  of  technology  to  detect  child  sexual  abuse  material  is  an
important step in this direction.


  Express  concern  about  the  low  number  of  reports  submitted  by  Apple  to  NCMEC.
Express hope that, with the newly introduced tools, Apple will take a more active role
in reporting of child sexual abuse online.







  On our side, we are committed to a comprehensive approach. We have adopted an
overarching EU Strategy for a more effective fight against child sexual abuse, and its
implementation is a key priority for us.
  We plan to put forward a long-term proposal which will replace the interim measure
adopted  on  14  July  2020.  In  the  forthcoming  proposal,  we  may  oblige  providers  to
detect known child sexual abuse material. We are also considering the establishment
of a European centre to prevent and combat child sexual abuse.
  Reiterate  the  need  for  close  cooperation  between  industry  and  public  authorities,
through the EU Internet Forum and the We Protect Global Alliance.
  Another  initiative  by  Apple  branded  as  “Private  relay”  also  raised  concerns.  While
“Private  Relay”  aims  at  enhancing  privacy  of  Apple  costumers,  these  new  features
Page 3 of 6

based  on  encryption  are  also  likely  to  hamper  the  ability  to  detect  and  investigate
illegal activities online as it will become very difficult, or impossible, to  identify users
accessing  certain  websites  or  to  attend  requests  to  block  illegal  content  based  on
national laws implementing EU rules. It also raises concerns as regards cybersecurity
and network management.
  The  Commission  is  currently  assessing  the  overall  impact  of  Private  Relay  notably
with  telecom  providers,  there  is  a  need  to  better  understand  the  plan  of  Apple  as
regards  the  Private  Relay  initiatives  and  its  possible  impact  e.g.  on  Network
management for EU telecommunication providers. Ask Apple to explain the impact on
lawful  requests  for  intercept  and  other  measures  involving  telecommunications
providers.
Page 4 of 6

BACKGROUND
Pages 5 to 7 are fully deleted.

Page 5 of 6

ANNEXES
1.  CV
Jane Horvath became Apple's chief privacy officer in September 2011. She is responsible for
overseeing  Apple's  compliance  with  global  privacy  laws  as  well  as  working  internally  and
externally on developing issues related to privacy.
Prior  to her work  at Apple,  Horvath was global privacy counsel at  Google and chief privacy
counsel  at  the  Department  of  Justice  as the   first  Chief  Privacy  Counsel  and  Civil  Liberties
Officer.
At the Department of Justice, she was a member of the High Level Contact Group and leader
of  the  U.S.  delegation  of  experts  tasked  with  exploring  common  ground  between  the
European Union’s Third Pil ar data protection principles and U.S. federal privacy laws.
Prior to the Department of Justice, she also was the General Counsel of Digital City Inc., an
America  Online,  Inc.  (AOL)  subsidiary,  and  Assistant  General  Counsel  at  AOL,  where  she
helped draft the company’s first privacy policies.
Ms. Horvath holds a Bachelor  of Science from the College of William and Mary and a Juris
Doctorate from the University of Virginia.

Page 6 of 6