5.1. in Poland and Hungary, Pegasus surveillance spyware has been illegally deployed for political purposes to spy on journalists, opposition politicians, lawyers, prosecutors and civil society actors, apparently as part of a system or an integrated strategy;

5.2. in Greece, it has been confirmed that a member of the European Parliament and a journalist have been wiretapped by the intelligence agency and targeted with Predator spyware, and media reports revealed further possible targets of Predator, including other high-profile politicians. Spyware appears to have been used on an ad hoc basis for political and financial gains;

5.3. in Spain, the Prime minister and other ministers’ phones were infected with Pegasus, allegedly by a third country (Morocco). 65 persons related to the Catalan pro-independence movement were allegedly targeted with Pegasus and/or Candiru, 18 of whom have been confirmed as lawful targets by the Spanish authorities;

5.4. Cyprus and Bulgaria serve as an export hub for spyware;

5.5. spyware companies are or were present in several member States, including Austria, Bulgaria, Cyprus, France, Germany, Greece, Ireland, Italy, Luxembourg, Romania and Switzerland.

6. The Assembly further notes that according to the “Pegasus Project” revelations, Azerbaijan has alsoused Pegasus, including against journalists, independent media owners and civil society activists. Recentreports have disclosed its use in connection with the Armenia-Azerbaijan conflict, against 12 persons workingin Armenia, including an Armenian government official, in what appears to be an example of transnationaltargeted surveillance.

7. The Assembly unequivocally condemns the use of spyware by State authorities for political purposes.Secretly surveilling political opponents, public officials, journalists, human rights defenders and civil societyactors for purposes other than those exhaustively enumerated in Article 8.2 of the European Convention onHuman Rights (ETS No. 5, “the Convention”) (among which the prevention of disorder or crime and theprotection of national security and public safety) amounts to a clear violation of the right to respect for privatelife (Article 8).

8. If the authorities invoke national security grounds as a justification for using spyware but their realpurpose is to target and discredit an opposition politician or to intimidate and silence a human rights defender,the surveillance will give rise to a violation of Article 8 in conjunction with Article 18 of the Convention, whichprohibits States from restricting rights for purposes not prescribed by the Convention itself. Such a misuse ofpower has a chilling effect on the exercise of other human rights and fundamental freedoms, including thefreedom of expression (Article 10), the freedom of assembly and association (Article 11) and the right to freeelections (Article 3 of Protocol No. 1 to the Convention (ETS No. 9)). It may also undermine the integrity ofelectoral processes and free public debate, and therefore, the foundations of our democratic societies.

9. The targeting of journalists has an impact on the confidentiality of their sources and in turn on theirfreedom to impart information. The targeting of lawyer-client communications impairs the exercise of defencerights and the right to a fair trial guaranteed by Article 6 of the Convention, which is a fundamental principle ofthe rule of law.

10. The Assembly underlines that member States have both negative and positive obligations under theConvention. Positive obligations in this area should include the protection of individuals within their jurisdictionfrom unlawful targeted surveillance by non-State actors and third States (transnational surveillance). Thisshould trigger at the same time a procedural obligation to effectively investigate all cases of alleged unlawfuldigital surveillance by third actors targeting persons living in the territory of a member State. The Assemblyrefers in this context to Recommendation CM/Rec(2016)3 of the Committee of Ministers to member States onhuman rights and business adopted on 2 March 2016, which recalls that member States have a duty toprotect individuals against human rights abuses by third parties, including business enterprises.

5. The Assembly is deeply worried about mounting evidence that Pegasus and similar spyware have beenused illegally or for illegitimate purposes by several member States, including against journalists, politicalopponents, human rights defenders and lawyers. Pegasus and other spyware have also been exported frommember States to authoritarian regimes outside Europe, potentially in breach of European Union export rules.The Assembly welcomes the thorough investigation carried out by the European Parliament’s Committee ofInquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA Committee) leading tothe adoption of a recommendation by the European Parliament on 15 June 2023. It notes in this respect thatthe PEGA Committee and the European Parliament have found that:

27 DE FEVEREIRO DE 2024 ____________________________________________________________________________________________________________

125