On May 13, CDT Europe and the Open Government Partnership hosted the sixth Civil Society Roundtable Series event in Brussels. Titled “Lifting the Veil: Advancing Spyware Regulation in the EU,” the event gathered over 50 participants from civil society, EU institutions, national regulators, and academia. The discussion focused on creating an EU regulatory framework that supports human rights and democratic oversight.
A high-level panel discussed spyware as a growing policy challenge within the EU's focus on digital security. "The urgency of this issue aligns with a wider shift in EU policymaking," noted one participant. The debate highlighted the need for regulation governing law enforcement data access and emphasized existing frameworks' shortcomings in preventing spyware abuses.
While legal mechanisms to address abuses exist, political will is lacking. In 2023, the European Parliament suggested reforms to counter spyware misuse, including stronger oversight and accountability measures. Participants regretted that these recommendations have not been implemented by EU Institutions.
Transparency throughout the lifecycle of spyware tools was deemed essential by participants. They called for robust safeguards, judicial oversight, and multistakeholder dialogues to enhance transparency and accountability. There was also recognition of international initiatives like the Pall Mall Process but concerns about their non-binding nature potentially limiting effectiveness.
Financial channels supporting spyware were also scrutinized, especially investments in regions like Sub-Saharan Africa without sufficient transparency or oversight.
A technical panel addressed challenges posed by spyware under current data protection frameworks. Spyware's ability to bypass intermediaries undermines oversight efforts. Legal exemptions for national security further weaken transparency mechanisms.
The WhatsApp v. NSO Group ruling highlighted vendor accountability issues. Participants cited it as a case underscoring strict due diligence obligations and enforceable transparency measures.
Finally, participants stressed enhancing procedural safeguards within criminal justice systems to ensure compliance with necessity, legality, and proportionality principles.
In conclusion, closing regulatory gaps within the EU's internal market remains urgent. Participants noted that export controls are regulated but lack comparable internal market safeguards allow industry proliferation with minimal oversight.
The roundtable emphasized sustained political commitment and institutional cooperation for effective reforms against expanding spyware threats while maintaining democratic principles and human rights protections.