Press Freedom
Watching the Watchdogs

Spyware surveillance of journalists in Europe
Dark silhouette of a person in front of a big screen full of gree and blue data

Pegasus" is known for its capability to hijack a smartphone's microphone and camera, as well as access a wide array of personal data including emails, text messages, and documents.

© Chris Yang, Unsplash

In 2024, the European Union enters a new era in the fight to protect journalists and press freedom from illegal spyware abuse. After months of debate and tense final negotiations, EU institutions reached a historic agreement on the European Media Freedom Act (EMFA) in December 2023.

Among multiple new rules, the provisional deal includes strengthened safeguards for journalists and their sources from coercive surveillance, including spyware, under Article 4. These new rules outline that surveillance measures can only be permitted on a case-by-case basis “by an overriding reason of public interest”, subject to prior authorization by a judicial authority. Explicit references to exemptions under national security grounds were removed, prompting EU leaders to hail the deal as a major step forward in the protection of journalists from unwarranted surveillance.

Will EMFA be strong enough?

While the EMFA overall has been welcomed as a timely boost for safeguarding media pluralism and independent journalism, the impact the Article 4 provisions will have on limiting surveillance of the press remains in doubt and certainly falls short of initial expectations. After a spate of major surveillance scandals involving journalists in the EU in recent years, hopes were high that the EMFA would put an end to the abuse of advanced surveillance tools such as Pegasus or Predator to monitor journalists’ communications. Yet uneasiness persists over whether the EMFA’s provisions will be strong enough or whether the remaining loopholes can still be exploited by bad actors.

Spyware abuse in Greece and Hungary

A new report, published by the International Press Institute (IPI) with financial support from the Friedrich Naumann Foundation for Freedom, reviews the last-minute negotiations over Article 4 of the EMFA, the compromise that was struck, and the loopholes that may remain. It then provides two case studies from EU member states in which highly intrusive spyware tools have been abused to surveil journalists in recent years: Greece and Hungary. These case studies tell the story of two surveillance scandals involving the monitoring of journalists and show how national security exemptions were used in both to circumvent legal restrictions, block accountability, and shield those responsible from scrutiny. The case studies offer worrying examples of why the compromise reached by EU institutions for the EMFA risks being too weak to properly protect journalists from surveillance. The report then reviews other cases of surveillance of journalists in EU member states before offering conclusions and recommendations for how Europe’s journalists can best be protected from all forms of illegal surveillance.