Rights groups urge EU action after Pegasus spyware found on former MEP’s phone
A joint statement by digital rights, media freedom and human rights groups says the reported targeting of former MEP Stelios Kouloglou shows that the EU has still not answered Europe’s spyware crisis.
A coalition of civil society groups has called on the European Union to act after forensic analysis found that former Member of the European Parliament Stelios Kouloglou had been targeted and infected with Pegasus spyware.
Kouloglou, who is also an investigative journalist, was targeted while serving as a substitute member of the European Parliament’s PEGA Committee. That committee was set up to investigate the use of Pegasus and similar spyware in Europe.
According to the joint statement, Citizen Lab found that Kouloglou’s phone was infected on or around 21 October 2022, and again on 6 and 7 March 2023. These dates fall during key moments of the parliamentary inquiry into spyware abuse.
The signatories say this makes the case especially serious. A parliamentarian involved in investigating spyware was himself targeted with spyware. They argue that this raises questions about parliamentary oversight, the separation of powers and the ability of elected representatives to examine state surveillance without pressure or interference.
Citizen Lab did not attribute the attack to a specific government. The statement also notes that there is no indication that the Greek government was responsible for the Pegasus attacks or that Greece has been a Pegasus customer.
The groups argue that the case points to a wider failure in Europe’s response to commercial spyware. They cite other incidents, including spyware use against exiled journalists and activists, the reported targeting of the President of the European Parliament with Predator spyware, and the use of Graphite spyware in Italy against humanitarian workers and journalists.
The statement calls on the European Parliament’s Directorate-General for Innovation and Technological Support to conduct a full, independent and impartial investigation into the hacking of Kouloglou.
It also calls on the European Commission to publicly respond to the PEGA Committee’s recommendations, explain what has been implemented, identify remaining gaps and set out a clear roadmap for addressing spyware abuse in the EU.
The groups also ask EU member states to guarantee remedies for victims. This includes access to evidence, independent investigations, notification where surveillance has taken place and accountability for both state users and corporate actors.
They further call for stronger enforcement of the EU Dual-Use Regulation, which controls the export of technologies that can be used for both civilian and military or surveillance purposes. The statement says EU funds should not support companies involved in the development, sale or deployment of spyware.
The statement was signed by organisations including Access Now, Amnesty International, the Committee to Protect Journalists, European Digital Rights, Privacy International, Reporters Without Borders, the European Federation of Journalists and several regional digital rights groups.
