His commission of inquiry European Parliament to investigate its use Pegasus software and corresponding spyware monitoring software (PEGA) approved her final essay and its recommendations, having completed its year-long investigation, the EP statement said. MEPs condemn abuses of surveillance software aimed at intimidating the opposition, silencing critical media and manipulating elections. They note that EU governance structures cannot effectively deal with such attacks and say reforms are needed.

Systemic issues in Poland and Hungary

MEPs condemn serious breaches of EU law in Poland and Hungary, where the respective governments have dismantled independent oversight mechanisms. For Hungary, MEPs argue that the use of spyware was part of a calculated and strategic effort to destroy media freedom and freedom of expression by the government. In Poland, the use of Pegasus was part of a system to monitor the opposition and critics of the government, designed to keep the ruling majority and the government in power.

To remedy the situation, MEPs call on Hungary and Poland to comply with the rulings of the European Court of Human Rights and restore the independence and oversight of the judiciary. They should also secure specific permission from an independent judicial authority before using spyware, but also have judicial review afterwards, launch credible investigations into cases of abuse and ensure that citizens have access to appropriate remedies.

Concerns about the use of tracking software in Greece and Spain

For Greece, MEPs say the use of surveillance software does not appear to be part of a comprehensive authoritarian strategy, but rather a tool used for political and economic gain. Although Greece has a fairly strong legal framework in principle, legislative amendments have weakened the safeguards. This has resulted in surveillance software being used against journalists, politicians and businessmen and being exported to countries with a negative human rights record, the EP statement points out.

MEPs are calling on the government to urgently restore and strengthen institutional and legal safeguards, to abolish export licenses that do not comply with its EU export control laws and to respect the independence of the Communications Privacy Authority (CPA). ). They also note that Cyprus has played an important role as an export hub for spyware and should revoke all export licenses it has issued that are inconsistent with EU law.

As for Spain, MEPs found that the country has an independent justice system with adequate safeguards, but some questions about the use of spyware remain. Noting that the government is already working to address the shortcomings, MEPs are calling on the authorities to ensure full, fair and effective investigations, especially into the 47 cases where it is unclear who allowed the development of spyware, and to ensure that those who have been targeted of the use of the software have effective legal remedies available to them.

Stricter rules to prevent abuses

To put an immediate stop to illegal surveillance software practices, MEPs want to allow the use of spyware only in Member States where complaints of surveillance software misuse have been thoroughly investigated, where national legislation is in line with Venice Commission standards and case law of the Court of Justice of the EU and the European Court of Human Rights, where Europol participates in investigations and where export licenses that do not comply with export control rules have been revoked. By December 2023, the Commission will have to assess whether these conditions are met in a public report.

MEPs are calling for EU rules on the use of spyware by law enforcement authorities, which should only be approved in exceptional cases, for a specified purpose and for a limited time. They argue that data that falls within the solicitor-client relationship or belongs to politicians, doctors or the media should be protected unless there is evidence of criminal activity. MEPs also propose mandatory notifications for targeted individuals and non-targeted individuals whose data was accessed as part of someone else’s surveillance, independent oversight of the use of such software, effective remedies for targets and standards for the admissibility of evidence collected using spyware.

MEPs are also calling for a common legal definition of national security as a reason for surveillance, which would prevent attempts to justify flagrant abuses.

EU Technology Lab

To help uncover incidents of illegal surveillance, MEPs are proposing the creation of a European Technology Lab, an independent research institute with powers to investigate surveillance, provide legal and technological support, including device testing, and carry out forensic research. They also want new legislation to regulate the discovery, sharing, fixing and exploitation of vulnerabilities.

Foreign Policy

As for third countries and the EU’s foreign policy instruments, MEPs would like to explore in depth spyware export licences, stricter enforcement of EU export control rules, a joint EU-US spyware strategy, talks with Israel and other third countries to establish rules on the trade and export of spyware and to ensure that EU development aid does not support the acquisition and use of spyware.

After the vote, committee chairman Jeroen Lennards said that “our investigation has made it clear that spyware has been used to violate fundamental rights and endanger democracy in many EU member states, with Poland and Hungary are the most egregious cases. The use of spyware must always be proportionate and approved by an independent judiciary, which unfortunately is not the case in some parts of Europe. Stricter control at EU level is needed to ensure that the use of spyware is the exception to investigate serious crimes, rather than the rule.”

For her part, rapporteur Sophie Id’Veld noted that “today, our investigative committee is completing its work. This does not mean that the Parliament’s work is over. No victim of surveillance software abuse has been brought to justice. No government has really been held accountable. The Member States and the European Commission should not be complacent, because I intend to persist in this case until justice is served.”

MEPs approved the report detailing the findings of the inquiry by 30 votes in favour, 3 votes against and 4 abstentions, as well as the text outlining the recommendations for the future by 30 votes in favour, 5 against and 2 abstentions. The final text is expected to be put to a vote in the plenary session of the Parliament during the session starting on 12 June.