The European Data Protection Supervisor (EDPS) has called for an EU-wide ban on the development and deployment of Pegasus and other spyware with similar capabilities, on account of the unprecedented risks arising from such spyware regarding the fundamental rights and freedoms of individuals, particularly the right to privacy, as well as risks to democracy itself.
The EDPS clarifies that if using such spyware is nonetheless necessary in exceptional situations, the following measures should be applied, among others, to prevent unlawful use:
- Strengthening the democratic oversight of surveillance measures, especially by data protection authorities.
- Strictly implementing the EU legal framework on data protection, including any judgments of the Court of Justice of the EU.
- Effective judicial review of surveillance activities, both before and after the fact.
- Strengthening the standards of protection of individuals’ rights offered by criminal procedures, including by restricting the admissibility of evidence collected by spyware.
- Downscaling the transfers of data originating from abusive surveillance practices to EU databases (e.g., through the import of criminal intelligence from outside the EU).
- Raising awareness and encouraging public discourse on the use of surveillance to encourage exposure of future abuses.