Answer given by High Representative/Vice-President Borrell on behalf of the European Commission
The EU is closely following developments around the Pegasus software. The EU has called on Israel to implement and enforce legislation to protect people from any possible unlawful surveillance based on Israeli technology, among others through the application of effective export controls.
The EU has a number of instruments related to unlawful surveillance and data privacy, including the General Data Protection Regulation, the ePrivacy Directive, and the Law Enforcement Directive.
In addition, the revised Dual Use Regulation 2021/821 entered into force in September 2021 and will ensure effective protection of EU interests and enhances the EU’s capacity to control its trade flows in sensitive new and emerging technologies.
The monitoring and enforcement of the EU data protection and privacy rules are primarily a national competence. I ssuing of export licenses, ensuring compliance with export control provisions and sanctioning the violation of those provisions is equally so.
The EU will ensure that in its new programming cycle, funds are allocated to strengthen digital security of civil society organisations and human rights defenders.
In terms of external action, the EU will continue to make use of all its political tools, including human rights dialogues, to raise concerns over the unlawful use of surveillance technologies, and continue to call on companies to abide by the United Nations Guiding Principles on Business and Human Rights and the Organisation for Economic Cooperation and Development Guidelines.