The resolution was passed with 411 votes in favour, 97 against, and 37 abstentions
In response to a year-long investigation into the misuse of surveillance spyware like Pegasus, the European Parliament has adopted a resolution outlining crucial reforms to combat spyware abuse. Members of the European Parliament (MEPs) argue that the improper use of spyware has posed a threat to democracy itself and call for credible investigations, legislative changes, and better enforcement of existing regulations to address the issue. The resolution was passed with 411 votes in favour, 97 against, and 37 abstentions.
Recommendations to Hungary, Poland, Greece, Cyprus, and Spain
The European Parliament urges Hungary and Poland to comply with judgments from the European Court of Human Rights, restore judicial independence, and establish oversight bodies. These countries should also ensure independent and specific judicial authorization before deploying spyware, initiate credible investigations into abuse cases, and guarantee citizens access to meaningful legal remedies.
MEPs call on the Greek government to urgently restore and strengthen institutional and legal safeguards, repeal export licenses that are not in line with EU export control legislation and uphold the independence of the Hellenic Authority for Communication Security and Privacy.
Highlighting Cyprus’s role as an export hub for spyware, MEPs insist that the country repeal all export licenses that do not comply with EU legislation. Spanish authorities are urged to conduct full, fair, and effective investigations, especially regarding the 47 cases where it remains unclear who authorized the deployment of spyware. Additionally, Spanish authorities should ensure that targeted individuals have adequate legal remedies, according to the MEPs’ recommendations.
Establishing Clear Rules to Prevent Abuse
To immediately halt illicit spyware practices, MEPs assert that spyware should only be used in member states where allegations of abuse have been thoroughly investigated, where national legislation aligns with the recommendations of the Venice Commission and the case law of the EU Court of Justice, and where export control rules are effectively enforced.
MEPs advocate for EU rules on the use of spyware by law enforcement, emphasizing that authorization should only be granted in exceptional cases for specific purposes and limited durations. They argue that data falling under lawyer-client privilege or belonging to politicians, doctors, or the media should be protected from surveillance, unless evidence of criminal activity exists. The MEPs propose mandatory notifications for targeted individuals and non-targeted individuals whose data has been accessed during someone else’s surveillance. They also call for independent oversight following such incidents and the establishment of a common legal definition of national security as grounds for surveillance.
Establishment of EU Tech Lab and Boost to Vulnerability Research
To uncover illicit surveillance activities, MEPs recommend the creation of an independent research institute called the EU Tech Lab. This institute would be empowered to investigate surveillance practices and provide technological support, including device screening and forensic research.
Foreign Policy Dimension
MEPs express strong indications that the governments of Morocco and Rwanda have engaged in spying on high-profile EU citizens, including heads of state. In light of this, they demand a thorough review of spyware export licenses, stricter enforcement of the EU’s export control rules, the development of a joint EU-US spyware strategy, discussions with Israel and other third countries on marketing and exportation rules for spyware, and the assurance that EU development aid is not allocated to the acquisition and use of spyware.
The adoption of this resolution by the European Parliament highlights the urgency and determination to address the misuse of spyware, safeguard democratic principles, and protect the privacy and rights of individuals within the EU.