By Molly Killeen 

(EurActiv) — The European Parliament’s Pegasus spyware committee is set to adopt several recommendations to address the EU’s ‘fundamental inadequacy’ in dealing with surveillance technology. 

The draft recommendations were presented on Tuesday (24 January) in the Pegasus (PEGA) committee, which was established in 2022 to investigate the abuse of spyware by EU governments.

The text comes as a follow on from a document released by MEP Sophie In ‘t Veld in November, which reviewed the committee’s work so far. Due to procedural constraints on length, this was divided into a report and recommendations, and the elements of the original text that had to be removed will be added back via amendments, In ‘t Veld told EURACTIV.

The recommendations, released earlier this month, set out the lawmaker’s proposed responses to the scandal at the European and national levels and with country-specific recommendations for Poland, Hungary, Greece, Spain and Cyprus. 

Both the draft recommendations and the report are expected to be voted by the committee towards the end of April.

National recommendations 

Five countries are singled out in the recommendations, with specific proposals for improving what is seen as their particularly stark spyware abuses.

In Poland and Hungary, the recommendations say institutional safeguards and oversight mechanisms should be restored, their independence ensured, and Europol should be invited to investigate alleged violations.

In Poland, the document also notes judges should be randomly allocated to cases to avoid the selection of those ‘friendly’ to the intelligence services. 

In Greece, where the wiretapping scandal has caused widespread political upheaval, it is recommended that authorities be permitted to investigate alleged incidences of surveillance freely and that a 2019 move to bring the country’s intelligence services under the direct control of the prime minister is reversed. 

Spain, which has come under scrutiny but has yet to be visited by a delegation from the committee, was found to be in line with the EU’s fundamental treaties and European Court of Justice rulings.

Still, questions were raised about its implementation, and it was recommended that clarity be provided on alleged cases, and meaningful remedies for victims be ensured. 

Among the recommendations issued to Cyprus was a call for it to assess all export licenses for spyware and to repeal those found lacking, touching on a broader issue to which the document lends great weight. 

Exports and international cooperation

Highlighted in the draft report and the accompanying recommendations are the need to tackle the production and export of surveillance technologies to countries outside the EU, not just their use by those within it. 

The recommendations argue that exporting these tools to governments with poor human rights records violates both EU fundamental rights and export rules and warns that Europe’s spyware industry is “lucrative and expanding” also thanks to the EU single market.

The report also singles out certain states, such as Cyprus and Bulgaria, as international “export hubs” for surveillance technology.

As such, it is recommended that the trade in spyware be strictly regulated, with the adoption of an immediate moratorium on the sale, acquisition, transfer and use of it within the EU. 

This, it is suggested, could be lifted on a country-by-country basis through the fulfilment of criteria such as transparent judicial authorisation, the definition of scope and duration, the protection of certain professions and ex-post deletion of the data gathered. 

The recommendations say that existing export rules and regulations on dual-use technologies should also be better enforced, and greater international cooperation, for example, with the US through the Trade and Technology Council, should be used to develop joint spyware strategies and construct export and licensing frameworks.

Institutional silence

The recommendations reiterate In ‘t Veld’s previous sharp criticism of the EU institutions for what she perceives as an absence of action to address the threats posed by the purchase and deployment of spyware. 

“No member state, nor the Council, nor the Commission has any desire to shed light on the spyware scandal, thus knowingly protecting Union governments which violate human rights within and outside of the Union,” the report reads. 

It also slams the EU executive and diplomatic branches for maladministration in its provision of support to third countries in developing surveillance capabilities, an accusation recently acknowledged by the EU ombudsman.

Finally, In ‘t Veld suggested to the Commission to use its own rule of law toolbox, as the use of spyware is most prominent in countries where these safeguards are weakest, and to come up with a legislative proposal on this area.