The parliamentarians (MEPs) have also called for the creation of an EU Tech Lab to help uncover illicit surveillance, and are urging better coordination with non-EU countries such as the US and Israel.
These findings are contained in the final report of the European Parliament's Committee of Inquiry, which spent a year investigating the misuse of Pegasus and other spyware.
The report was adopted on Monday evening, and it outlines the committee's findings and recommendations concerning the abuse of spyware in the EU.
The MEPs say that the improper use of spyware poses a threat to democracy and have called for significant changes to address the problem.
As part of the resolution, MEPs have asked that member states only deploy spyware in cases where national legislation is in line with the recommendations of the Venice Commission and case-law of the EU Court of Justice. This means that the use of spyware should only be authorized in exceptional cases for a specific purpose and a limited time.
Additionally, MEPs argue that data belonging to politicians, doctors, lawyers, or the media should be shielded from surveillance unless there is evidence of criminal activity.
The proposed EU Tech Lab would be an independent research institute that can investigate surveillance and provide technological support, including device screening and forensic research to uncover illicit surveillance practices.
The resolution also calls for close review of spyware export licenses, stronger enforcement of the EU's export control rules, and a joint EU-US strategy.
Parliamentarians say they are worried about reports that the governments of Morocco and Rwanda have spied on high-profile EU citizens, including heads of state.
Sophie in 't Veld, a member of the Renew party in the Netherlands who guided the report through the Parliament, explains the dangers of spyware.
She said that Pegasus, for example, is a brand of spyware that completely takes over a phone, accessing messages, camera, microphone, images, documents, and apps. The danger of Pegasus and other spyware is not just an attack on privacy but also on democracy.
She noted that journalists, opposition politicians, NGOs, and lawyers need to be able to scrutinize power freely, exposing crime and wrongdoing, and holding power to account.
Spying on such people can lead to blackmail, discreditation, harassment, and a chilling effect.
The abuse of spyware further threatens election integrity because fair and democratic elections require journalists to scrutinize the government and report on its actions.
According to in 't Veld, a handful of governments are abusing spyware, violating European laws, and the European Commission has not acted. She did not identify which governments.
However, the European Parliament's report on Pegasus spyware abuse includes country-specific recommendations.
Hungary and Poland are called upon to comply with European Court of Human Rights judgments, while Greece is urged to strengthen safeguards, repeal non-compliant export licenses, and respect the Hellenic Authority for Communication Security and Privacy. Cyprus is advised to repeal non-compliant export licenses, and Spain is urged to conduct effective investigations and provide legal remedies for targeted individuals.
