Also within the European Union, journalists, opposition politicians, critical prosecutors, diplomats, lawyers and civil society actors are being spied on with Pegasus and similar tools. This violates Union law. The European Parliament therefore decided on 10 March 2022 to set up a Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware. The vote to establish the committee was carried 635 in favour, 36 against and 20 abstentions.
The inquiry should gather information on the extent to which the Member States‘ use of the surveillance tools violates the rights and freedoms enshrined in the Charter and thereby jeopardises the values enshrined in Article 2 TEU, such as democracy, the rule of law and respect for human rights. To this end, the investigation mandate consists of 18 different tasks.
The Committee organises hearings and closed meetings, fact-finding missions and commissions studies. After 12 months, its work ends with a final report. Rapporteur is the Liberal Sophie in ’t Veld.
All hearings and meetings:
19 April 2022, 15.45 – 18.45: Constitutive Meeting of PEGA | Exchange of views on main questions (Election of Chair and Vice-Chairs | EOW: Laurent Richard and Sandrine Rigaud, Forbidden Stories; John Scott-Railton and Bill Marczak, Citizen Lab; Donncha Ó Cearbhail and Likhita Banerji, Amnesty International) [Agenda] [Stream]
10 May 2022, 13.45 – 15.45: Functioning of Pegasus and equivalent surveillance spyware (Constanze Kurz, netzpolitik.org, Germany; Adam Haertlé, Zaufana Trzecia Strona, Poland; Bill Marczak, Citizen Lab, Canada) [Agenda] [Stream]
30 May 2022, 15.00-16.00: Exchange of views (Didier Reynders, Commissioner for Justice) [in camera]
9 June 2022, 9.30-11.30: Exchange of views (Ana Brian Nougrères, UN Special Rapporteur for Privacy; Peggy Hicks, Director of the Thematic Engagement, Special Procedures and Right to Development Division of the UN Human Rights Office) [Agenda] [Stream]
13 June 2022, 15.00-18.30: Spyware – Use, Supervision and Safeguards (Panel 1: Román Ramírez, Instituto de Empresa/ Rooted Con; Michel Arditti, SCSWorld | Panel 2: Cindy Cohn, EFF; Sessa Duro, International Judges Association; Wojciech Wiewiórowski, EDPS) [Agenda] [Stream]
14 June 2022, 9.00–12.30: Big tech and Spyware I (Panel 1: Kaja Ciglic, Microsoft; Charley Snyder, Google; David Agranovich, Meta | Panel 2: Ross Anderson, Cambridge University; Patricia Egger, Proton AG) [Agenda] [Stream]
21 June 2022, 14.30-16.30: Exchange of views | Hearing: Stocktaking of EU spyware providers (EOW: Chaim Gelfand, General Counsel and Chief Compliance Officer of NSO; Nicola Bonucci, Paul Hastings law firm | Hearing: Edin Omanovic, Privacy International; Stephanie Kirchgaessner, The Guardian; Ben Wagner, TU Delft) [Agenda] [Highlight] [Stream]
12 July, 15.00-18.30: Israel and Spyware (preparation of the mission to Israel) (Marwa Fatafta, MENA Policy Manager, AccessNow; Mona Shtaya, Advisor at 7amleh, Arab Center for the advancement of Social Media; Eitay Mack, Human Rights Lawyer, representing HCLU in its court case against NSO) [Agenda] [Stream]
30 August, 9.00–12.30: Spyware used against citizens (Panel 1: Claudio Guarnieri, Head of Amnesty International’s Security Lab, Berlin; Miriam Saage-Maaß, Legal Director, European Center for Constitutional and Human Rights (ECCHR), Berlin; Jean-Philippe Lecouffe, Deputy Executive Director, Operations Directorate, Europol, The Hague | Panel 2: Clara Portela, Professor, University of Valencia; Rosamunde van Brakel, Research Professor, Vrije Universiteit Brussels) [Agenda] [Press Release] [Highlight] [Stream]
30 August, 15.00-17.00: Spyware – victims and remedies (Carine Kanimba, victim of spyware, daughter of the Rwandan politician Paul Rusesabagina; Dominique Simonnot, victim of spyware, journalist; Catherine Van de Heyning, Professor, University of Antwerp) [Agenda] [Highlight] [Stream]
8 September, 9.00-12.30: The use of spyware in Greece (Panel 1: Stavros Malichudis, journalist targeted by spyware; Thanasis Koukakis, journalist targeted by spyware; Eliza Triantafillou, investigative journalist | Panel 2: Athanasios Staveris, Secretary General of Telecoms and Post, Greek Ministry of Digital Governance; Panos Alexandris, Secretary General of Justice & Human Rights, Greek Ministry of Justice; Christos Rammos, President, The Hellenic Authority for Communication Security and Privacy) [Agenda] [Highlight] [Stream] [Press Release]
15 September, 9.00–12.00: Use of Spyware in Poland (Ewa Wrzosek, prosecutor (victim); Roman Giertych, former vice-prime minister and lawyer (victim) | Professor Adam Bodnar, Lawyer and former Ombudsman for Citizen Rights of Poland; Anna Błaszczak, Director Amnesty International Poland) [Stream] [Press Release]
6 October, 9.00–11.00: Exchange with Members who have been targeted by spyware (Diana Riba i Giner (Greens/EFA, ES); Nikos Androulakis (S&D, EL); Jordi Solé (Greens/EFA, ES); Antoni Comín (NI, ES) (direct victims of spyware); Carles Puigdemont (NI, ES, victim of indirect targeting via close contacts)) [Stream] [Press Release]
26 October, 9.00-12.30: Big tech and spyware II (Shane Huntley, Director of Google Threat Analysis Group [Outline]; Jo De Muynck, Head of Operational Cooperation Unit at ENISA; Saad Kadhi, Head of CERT-EU, Rosanna Kurrer, Cyberwayfinder) [Agenda] [Stream] [Press Release]
26 October, 15.00-17.00: Spyware and e-privacy (Panel 1: Ángel Vallejo, Head of Institutional Relations THIBER; Jesper Lund, Chairman of IT-Pol, member of EDRi [Outline]; Wojciech Klicki, Lawyer, Panoptykon Foundation | Panel 2: Ioannis Kouvakas, Senior Legal Officer and Legal Coordinator – Privacy International; Achim Klabunde, Uni Bonn & Deutsche Vereinigung für Datenschutz) [Agenda] [Stream] [Press Release]
27 October, 9.00 to 12.30: The impact of Spyware on Fundamental Rights and The impact of spyware on democracy and electoral processes (Panel 1: Ot van Daalen, Institute for Information law, UvA [Outline]; David Kaye, former UN special rapporteur for freedom of expression [Outline] | Panel 2: Krzysztof Brejza, targeted with Pegasus while head of election campaign; Giovanni Sartor, Part-time professor at Faculty of Law at the University of Bologna and at the EUI; Iverna McGowan, Director, Europe Office of Center for Democracy and Technology [Outline]) [Agenda] [Stream] [Press Release]
24 November, 9.00–12.00: Trade in zero-day vulnerabilities (Thorsten Schröder [Outline], Chaos Computer Club; Dr. Max Smeets, Center for Security Studies, ETH Zurich; Ian Beer, Google’s Project Zero team; Dr. Mailyn Fidler, University of Nebraska) [Stream] [Press Release]
29 November, 9.00–12.30: Country-hearing: Spain (Panel 1: Ignacio Cembrero, investigative journalist at El Confidential; Andreu van den Eynde, Criminal lawyer; Gregorio Martin, Emeritus Professor of Computer Science, University of Valencia | Panel 2: Esperanza Casteleiro Llamazares, Director of the Spanish National Intelligence Agency (CNI); Juan Jesús Torres Carbonell, Secretario General de Administración Digital) [Stream] [Press Release] [Background Note]
15 December, 9.00–12.00: Exchange of views
The use of Pegasus and equivalent surveillance spyware
Policy Department for Citizens’ Rights and Constitutional Affairs, Directorate-General for Internal Policies (December 2022)
Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance
spyware – Draft Report, Rapporteur:Sophie in ‘t Veld (8 November 2022)
Greece’s Predatorgate: The latest chapter in Europe’s spyware scandal?
This EPRS paper synthesises the fast-paced and highly politicised developments at national level and contextualises the European Union’sresponses. It refers to the EPRS study ‚Europe’s PegasusGate‘ for more information and possible ways forward.
European Parliamentary Research Service (September 2022)
Pegasus and surveillance spyware
In-depth analysis for the PEGASUS committee
Policy Department for Citizens’ Rights and Constitutional Affairs, Directorate-General for Internal Policies (May 2022)
Europe’s PegasusGate: Countering spyware abuse
This study introduces the Pegasus product’s features and trading practices, surveys Pegasus operations and reactions, identifies transversal and country-specific legal concerns, and sketches possible ways forward in the public and private sectors
European Parliamentary Research Service (July 2022)