The 38-member Committee was established on 10 March after an overwhelming majority voted in favour of it (635 for, 36 against and 20 abstentions).
According to its mandate, it will look into existing national laws regulating surveillance and whether spyware was used for political purposes against, for example, journalists, politicians and lawyers.
In October 2021, the European Parliament awarded the first Daphne Caruana Prize for Journalism to journalists from the Pegasus Project coordinated by the Forbidden Stories Consortium.
The winning story disclosed a leak of more than 50,000 phone numbers selected for surveillance by Israeli cyber surveillance company NSO Group customers.
The Forbidden Stories Consortium and Amnesty International have had access to records of phone numbers selected by its clients in more than 50 countries since 2016.
The NSO Group claims that its software is intended for use only by government intelligence and police to fight against organised crime and terrorism. It is not responsible for any misuse by its clients for other purposes.
According to the Forbidden Stories Consortium, the leaked data showed that journalists, human rights defenders and politicians in, among others, India, Mexico, Hungary, Morocco and France had been targeted.
According to the reports, the former Israeli government had allowed the export of sensitive spyware to authoritarian or illiberal regimes for geopolitical reasons.
Belgian MEP Saskia Bricmont (Greens/EFA) said that the Committee would already invite journalists from the Pegasus Project to the first meeting. She has been appointed as a coordinator on behalf of her group. The Committee will establish its chairs and vice-chairs at the meeting.
“We need to understand how the spyware works and will work closely with experts,” she said. “We need to know which governments have violated EU law and fundamental rights by spying on journalists, human rights defenders, political opponents, etc., for unjustified reasons and unlawfully.”
The Committee shall submit its final report within 12 months of the adoption of the decision, i.e. by March 2023, but the time can be extended if needed. There are two dimensions to the investigation.
The internal one is about the use or misuse of Pegasus and other equivalent spyware by EU member states. The Committee is not only focusing on the spyware from the NSO Group.