CDT Europe has published a joint statement with a coalition of civil society organizations, urging EU institutions to regulate spyware technologies in the new legislative term.
"We are a coalition of civil society organisations and journalists’ organisations committed to the protection of fundamental rights, transparency, and accountability in relation to spyware technologies," the statement reads. The coalition warns that spyware threatens EU democratic values by undermining independent decision-making among lawmakers and the ability of journalists and activists to hold power accountable. The European Data Protection Supervisor also highlighted that modern spyware tools' intrusiveness undermines fundamental privacy and data protection rights, making them illegal under Union law.
The European Parliament's Committee of Inquiry into Pegasus and equivalent surveillance spyware (PEGA Committee) concluded in May 2023 that most EU Member States had purchased spyware tools. Some have used these tools to unlawfully surveil journalists, human rights defenders, and politicians within the EU, as reported by several civil society organizations.
The coalition expressed regret over the EU Institutions' failure to provide effective solutions or a comprehensive approach to reports of maladministration and abuse of power by Member States during the last legislative term.
They also criticized the recently adopted European Media Freedom Act (EMFA), which they claim fails to fully protect journalists from spyware. "Despite its commendable intentions, the law lacks essential safeguards against their surveillance," they stated. Consequently, both spyware victims and EU society await an appropriate institutional response.
The undersigned organizations believe that the new legislative term offers an opportunity for incoming EU Institutions to take decisive action on this matter. They call on the Commission, Council, and Parliament to urgently implement measures curtailing spyware abuse in the EU while upholding fundamental rights through effective accountability mechanisms.
Specific measures proposed include:
- An EU-wide ban on production, export, sale, importation, acquisition, transfer, servicing, and use of disproportionately intrusive spyware.
- A moratorium on such activities until a new legal framework is established.
- Strengthening export control regimes.
- Ensuring transparency in government contracts involving spyware.
- Enforcing bans on commercial trade vulnerabilities except for strengthening system security.
For Member States:
- Suspending all exports of surveillance technology breaching international human rights standards.
- Imposing sanctions on vendors violating due-diligence obligations under EU law.
- Eliminating obstacles preventing victims from accessing justice and remedies promptly.
For the European Parliament:
- Continuing investigations into surveillance abuses by Member States.
- Holding the Commission and Council accountable for their actions or inactions regarding existing Union laws.
The coalition emphasized that decision-makers should consult publicly with relevant stakeholders before making decisions related to these recommendations.
Signatories include Access Now, ARTICLE 19, CDT Europe (CDT EU), Civil Liberties Union for Europe (Liberties), Data Rights among others.