Brussels (The Brussels Morning Newspaper) – In a joint statement, civil society organisations urged comprehensive legislation prohibiting spyware throughout the EU, citing widespread misuse and inadequate regulation.
Spyware regulation has been hotly discussed in the EU since revelations in July 2021 that vicious spyware software, particularly Israeli-developed Pegasus, was employed to target politicians, journalists, and activists. “We regret that the EU institutions have failed to provide effective solutions […] to the numerous reports of maladministration and abuse of power by member states during the last legislative term,” reads the joint statement.
Are Current EU Regulations on Press Freedom and Spyware Adequate?
Civil society groups stated that existing regulations on press freedom are either insufficient or contain loopholes. They called the European Commission to ban “the production, export, sale, import, acquisition, transfer, servicing and use of spyware.” This position is a far cry from existing EU government practices. “All member states have purchased or used one or more spyware systems”, concluded a European Parliament special committee on Pegasus in May 2023.
Which Civil Society Organizations Are Leading the Push Against Spyware?
Signatories of the declaration include the Center for Democracy & Technology Europe, the European Digital Rights Network, the European Federation of Journalists, the Electronic Privacy Information Center, the Civil Liberties Union for Europe, ARTICLE 19, Access Now, and Wikimedia Europe.
What Actions Are Civil Society Groups Demanding from the European Commission?
The Commission’s Directorate-Generals of Justice, trade, and Internal Market should correspond on legislation to ban spyware, Director of the Security, Surveillance and Human Rights Programme at the Center for Democracy and Technology (CDT), Silvia Lorenzo Perez, said.
How Should Existing Rules Be Strengthened to Regulate Spyware?
In addition to the ban, the organisations submitted strengthening existing rules. Spyware is regulated in the EU through the European Media Freedom Act (EMFA), the directive on data privacy (ePrivacy directive), and the dual-use export regulation. The group noted that the EMFA lacks “essential safeguards” and “fails to fully cover journalists from spyware.”
They contended that expected revisions to the ePrivacy regulation should deliver “stronger guarantees to safeguard the confidentiality of communications.” However, the ePrivacy regulation has been stuck for years.
Lastly, the civil society groups called for a reexamination of the export controls regime and an amendment to assure that EU-made spyware cannot be “used for repression or human rights violations.” “The European Commission has failed to disclose information” regarding “who is selling European spyware to dictators,” Pirate MEP Markéta Gregorová (Greens, Czechia) and rapporteur of the dual-use regulation said. The signatories also called on the Council of the EU to “refrain from introducing wide national security exceptions” on any new legislation outlawing spyware.