PEGA Committee must call for an EU-wide ban on spyware

The European Parliament’s inquiry committee on Pegasus and other similar spyware (PEGA) is working on a set of recommendations for the regulation of the use of intrusive spyware by EU Member States. It is still unclear whether the Committee will dare to set vitally needed red lines and call for a sufficiently protective European Union-wide framework against spyware in its non-binding report. EDRi submitted amendments to strengthen the demands for the protection of affected people and democratic values.

By EDRi · February 21, 2023

The EDRi network submitted comments and recommended amendments to the Draft Recommendation of the PEGA Committee by Rapporteur Ms Sophie In’t Veld. EDRi acknowledges the work of the European Parliament who is showing a strong commitment to uncovering Member States’ abuses of their surveillance powers and holding them to account for the use of dangerous spyware against journalists, activists, and political dissidents worldwide.

Read EDRi's recommendations button
This document lays out comments on the ‘European Parliament Draft Recommendation to the Council and the Commission’ of the Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA). We aim to contribute to the debate over what actions the European Union (EU) can take in face of the spyware scandals and support the Members of the Committee in calling for effective measures to protect people’s fundamental rights and freedoms against serious attacks by governments, strengthen the rule of law in this field and safeguard the vitality of the civic space. The document does not however address the content of the Draft Report.

We stress that surveillance and state hacking in particular is a genuine European political issue. The EU has the opportunity and the possibility to act. The recent case law of the Court of Justice of the European Union (CJEU) on the issue of communications and traffic data retention confirmed that the objective of safeguarding national security cannot serve to justify the automatic and irrevocable exclusion of EU competence. The national security exception cannot become the rule and render inapplicable the protections afforded by EU secondary law read in light of the EU Charter of Fundamental Rights. Member States may therefore only implement surveillance measures if they are consistent with EU law.

Whatever actions the EU will take to regulate state hacking practices, it will likely have an important impact on the debates and political developments taking place at international level. It is therefore crucial to reiterate Europe’s leadership in privacy and data protection and build a strong and clear legal framework that can serve as a benchmark internationally. For that, the EU must not shy away from drawing strict red lines by prohibiting methods and practices that are irreconcilable with fundamental rights standards and international legal instruments.

This is why we suggest amendments that serve this purpose and attempt to delineate the scope of a ban. For applications and methods which would not fall within this prohibition, we augment the draft list of requirements and safeguards already drawn by the Rapporteur. We hope the PEGA Committee will seize the political opportunity offered by civil society’s important awareness-raising and investigation work in the past years and call for a strong united European response to human rights abuses through spyware.

Chloé Berthélémy

Chloé Berthélémy

Senior Policy Advisor

Twitter: @ChloBemy