Commission Vice-President calls for Spyware Restrictions

European Commission Vice-President Margaritis Schinas has called for “an EU approach” to limiting the use of spyware by member state governments. Speaking at a press conference in Brussels, Schinas said:

“We need some order, we need a framework, we need judicial guarantees and we need an EU approach to end the malicious use of these products.”

Margaritis Schinas is a Greek Commissioner affiliated with the ruling New Democracy party, itself in the midst of a major political scandal about the alleged government surveillance of journalists and political rivals, some of whom have discovered forensic evidence of spyware on their mobile devices. Media reports suggest that Greece’s National Intelligence Service (EYP) has surveilled the mobile phones of 15,745 people.

Schinas attempted to draw a line between surveillance that could be justified on national security grounds and incursions on journalists and civil society.

There have been a series of revelations about the use of commercial spyware across the European Union and beyond, implicating heads of state, senior politicians and EU Commissioners and their staff. Inquiries are currently underway in a number of European countries.

In March 2022, the European Parliament set up the PEGA committee conduct a year-long investigation into the use of Pegasus, made by the Israeli company NSO, and equivalent spyware applications within and by the EU 27. NSO Group alone claims to have 22 customer organisations in 12 EU member states.

The indications are Sophie in ’t Veld, Chairwoman of PEGA, said on twitter that investigations into spyware should “involve a check of the phones of all politicians and top level officials, to get a full picture of the spying activity by governments.”

Beyond assessing the scale of the issue, it is unclear what kind of action may be open to the EU in this area, as matters of national security are typically reserved to member states. As the ongoing Greek surveillance scandal demonstrates, the quality of governance in this area can vary widely.

Triantafyllos Karatrantos, a Research Fellow at the Hellenic Foundation for European and Foreign Policy (ELIAMEP) in Athens said that the revelation of elected politicians being put under surveillance showed the need for safeguards.

“It’s very important to safeguard the procedure and the rationale for a surveillance operation including all the necessary filters and checks and balances, including the enhanced role of independent authorities,” he told Blueprint for Free Speech.

“National security issues should not be misused in order to target people and every request for surveillance should be explained in detail,” he said.

The usual view would be that this kind of governance issue lies outside the EU’s competence. Nevertheless, the EU has in the past legislated on other kinds of surveillance and law enforcement tools – such as data retention – and sought to find a balance with privacy rights.

"We do not have such a system for spyware. And this annoys me," Schinas said, adding that while intelligence services have the right to “chase the bad guys,” they should follow the EU rule of law, particularly as regards data protection.