would be dif昀椀cult for Lantern to fully uphold the principle of privacy in this case. However, it could still uphold the principles behind free expression / self-actualization of minors through stringent requirements or guidance around data about minors that reduce the likelihood of unsubstantiated signals or disproportionate enforcement of legitimate signals by companies. • Legitimacy: Limiting the privacy of children in order to protect them from sexual abuse and exploitation is a legitimate aim, particularly because most OCSEA practices are nearly universally recognized as crimes. Conversely, protecting the privacy and free expression of minors involved in OCSEA (whether as victims or perpetrators) by not allowing the sharing of data about minors is also a legitimate aim. For example, if unsubstantiated signals about minors are shared and actioned by participants, it could result in the loss of access to online accounts, which can have a signi昀椀cant adverse impact on minor users’ right to free expression, access to information, and right to education, and inhibit their ability to participate in daily life. • Necessity and proportionality: It is not clear whether data about minor victims shared across platforms is necessary for enabling platforms to better prevent, detect, and respond to OCSEA, or whether a focus on data about offenders is suf昀椀cient. Evidence would be required to make this determination. However, if the Lantern Program were to also target minor-on-minor OCSEA, then it could be considered necessary. If it is not necessary, then data about minors should not be included in the database. If it is necessary, then the Tech Coalition should take steps to protect the privacy and free expression / self-actualization rights of the minors in question as much as possible. For example, the Tech Coalition could implement privacy preserving approaches to data sharing and require rigorous review for signals that involve data about minors to prevent actioning of unsubstantiated signals or disproportionate enforcement responses. • Nondiscrimination: The inclusion of data about minors would in theory apply to all minors equally. However, in practice there may be minors from certain groups that are overrepresented as both victims and perpetrators of OCSEA for a variety of reasons, which could result in unintentionally discriminatory outcomes. The counterbalancing exercise indicates that Lantern should not allow the sharing of data about minors unless evidence indicates it is necessary to enable companies to prevent, detect, and respond to OCSEA on their platforms. If evidence indicates that it is necessary, then the Tech Coalition should take a variety of steps to limit the potential risks associated with sharing and acting upon data about minors. 6.4 Impacted Rightsholders and Vulnerable Populations A human rights-based approach requires a clear understanding of which rightsholders are impacted by the Lantern Program, with a particular attention to individuals from groups or populations that may be at heightened risk of vulnerability or marginalization. A clear understanding of which rightsholders and vulnerable groups are impacted by the Lantern Program will inform the Tech Coalition’s stakeholder engagement strategy. BSR identi昀椀es the following categories of impacted rightsholders and vulnerable populations that may be impacted through the Lantern Program: 1. Actual and potential victims of OCSEA: The goal of the Lantern Program is to help children who are or may be victims of online child sexual abuse and exploitation—making them the primary rightsholder group impacted through the program. Children at risk of harm across multiple platforms are likely to directly bene昀椀t from signal sharing and the cross-platform identi昀椀cation and moderation of OCSEA. BSR TECH COALITION HUMAN RIGHTS IMPACT ASSESSMENT 43