EU Council and EU Commission Must Urgently Address Issues by PEGA Committee

Last week, the European Parliament held a debate on the use of surveillance spyware in the EU in reaction to recent media revelations regarding the targeting of two more MEPs with PEGASUS spyware: Nathalie Loiseau, French MEP and chair of the defense subcommittee (SEDE), and Elena Yoncheva, MEP from Bulgaria. Two more names now join the long list of MEPs targeted with spyware, which includes the European Parliament’s president, Roberta Metsola. 

During the debate, MEPs expressed concern regarding the insufficient investigative measures taken by the Parliament service and criticised the Commission for its failure to act on the recommendations put forth by the PEGA committee. The Commission referred vaguely to the various EU legal instruments that are already in place to limit unlawful interference with the right to privacy and data protection by means of spyware and highlighted their importance. It reiterated that the Commission is working on a non-legislative initiative “to clarify the boundaries of and the interplay between EU law, in particular the data protection and national security.” However, this was met with strong resistance by MEPs, who consider any non-legislative initiative to be grossly inadequate given the gravity of the issue.

This is the third plenary debate organised to follow up on the conclusions of the PEGA Committee since the conclusion of enquiry proceedings and the adoption of the Recommendations in June 2023.  Within a span of less than one year, there have been three plenary debates, one debate in the LIBE Committee, one parliamentary resolution, and a multitude of letters and written questions (dated October and November 2023 and many more) exchanged between the Parliament and the Commission. Indeed, the Parliament is taking a very firm stance against the unlawful use of spyware and is pushing for a legally-binding solution to curtail the proliferation of spyware and its unlawful use against civilians.

However, the circumstances in which this latest debate took place are unfortunate. In particular, the Council’s absence at the debate. Despite being invited, the Council declined the opportunity to actively engage in a meaningful debate with the Parliament, leaving crucial questions unanswered regarding its strategy for addressing the numerous instances of maladministration and abuse of power documented by the PEGA Committee. What’s more, neither Commissioner Reynders nor the vice-president Vera Jourova or Executive Vice-President Dombrovskis were in attendance. Instead, the responsibility to address MEPs on this highly sensitive issue was entrusted to Commissioner for International Partnerships Jutta Urpilainen, who is not the primary Commissioner responsible on the file and was clearly not sufficiently briefed on the file, as was noted by the other speakers. 

Lastly, to compound the issue, despite the severe threat spyware poses to democratic processes, the debate was very poorly attended, with only six MEPs reportedly present. This is particularly perplexing against the background of the upcoming European elections in June.

CDT believes that European Institutions must do better. The Commission and Council must urgently act upon the recommendations of the PEGA Committee, and actively engage with the Parliament on further actions. It is not only an issue of respecting the Treaties and the principle of mutual sincere cooperation between Institutions, but, importantly, a matter of upholding the trust that people place in political institutions.

Therefore, CDT calls upon the Commission and the Council to urgently take appropriate action and to implement the recommendations issued by the PEGA Committee without delay.