A hooded man holds a laptop as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. (Reuters/Kacper Pempel)
A hooded man holds a laptop in this illustration picture taken on May 13, 2017. Media law experts have said that new European Union legislation needs to include safeguards to protect journalists from surveillance. (Reuters/Kacper Pempel)

CPJ to EU: The time to act on spyware is now

The Committee to Protect Journalists calls on the European Union to include effective legal safeguards in its planned legislation to rein in the abusive use of spyware against journalists.

Negotiations on the European Media Freedom Act (EMFA), a draft EU law seeking to strengthen media freedom and pluralism in EU member states, are likely to conclude during a meeting scheduled for December 15.

CPJ is concerned that Article 4 of the EMFA on the protection of journalists and their sources could be problematic, despite its well-intended purpose, because EU member states have requested that a “national security” exemption be included to justify spyware against journalists.

2022 CPJ report found that zero-click spyware, which secretly takes over electronic devices without being detected, has had a chilling effect on press freedom worldwide by putting journalists at risk of increased harassment and violence and hampering their ability to find sources.

Around the world, spyware, which secretly takes over electronic devices without being detected, puts journalists at risk of increased harassment and violence, and sometimes precedes imprisonment.

Media law experts have consistently called for the EMFA to include precise judicial safeguards, like court orders or proportionality requirements, as detailed by CPJ in its report, “Fragile Progress: The struggle for press freedom in the European Union.”

Article 4, they argue, must also be in line with the European Convention on Human Rights (ECHR) and its case law, which guarantee journalists’ right to protect their sources.

“The growing use of surveillance to spy on journalists has sent shivers around the media community in Europe, and governments have been using national security as a justification to avoid coming clean about their reasons for surveilling journalists,” said Tom Gibson, CPJ’s EU representative. “If the EU genuinely wants to protect journalists from spyware, it needs to insert clear legal checks and balances into the European Media Freedom Act.”

In light of the Pegasus Project revelations in 2021 that spyware was used to hack the phones of dozens of journalists, government officials and human rights activists globally, the European Parliament set up the PEGA Committee to investigate abuses of spyware. In May, it published its comprehensive recommendations, including to the European Commission, and called for EU action on the use of spyware.

In September, some 500 journalists complained to the European Parliament that intrusive surveillance threatened their ability to work, their right to privacy, and their sources’ confidentiality, and called for a complete ban on spyware.