Democracy and the rule of law are two core values of the EU. The right to privacy clearly falls into these categories. It is up to the Commission to ensure that the Member States comply with these core values.
However, an investigative report by The Guardian and El País has revealed that many opponents of the Spanish Government (the President of the Catalan Parliament, Roger Torrent, former MP Anna Gabriel and another Catalan pro-independence activist, Jordi Domingo) were targeted in 2019 by Pegasus spyware under a government decision.
On 11 August 2020, French Member of the European Parliament (MEP) Francois Alfonsi of the Group of the Greens/European Free Alliance, tabled a written parliamentary question to the European Commission.
MEP Alfonsi asked the Commission “is it prepared to investigate this matter in order to safeguard democracy and the rule of law in the EU?” and “if it believes that it should not investigate this matter, can it explain its reasons?”
On 26 November, Justice Commissioner Didier Reynders responded on behalf of the European Commission. In his answer he declared that “the respect for privacy, including the confidentiality of communications, and data protection are protected as fundamental rights at European and national level” and “any interferences with such fundamental rights, including by law enforcement and security authorities, must be set out in a legislative measure, pursue a legitimate objective and must comply with the principles of necessity and proportionality”.
Commissioner Reynders stated that “where EC law is applicable, interferences with these fundamental rights must comply with the specific conditions laid out in Article 23 of the General Data Protection Regulation, Article 15 of the ePrivacy Directive, read in the light of Articles 7 and 8 of the Charter of Fundamental Rights of the EU and the relevant case-law of the Court of Justice of the EU (CJEU)”. “On 6 October 2020, the CJEU confirmed that national legislation requiring providers of electronic communications services to retain traffic data and location data or to forward that data to the national security and intelligence authorities for that purpose falls within the scope of the ePrivacy Directive” reported Reynders. Also, he stressed that “the monitoring and enforcement of the application of EU privacy and data protection law, including the assessment of complaints in individual cases, fall primarily within the competence of national authorities and courts” and “if an individual considers that the processing of his/her personal data constitutes a violation of EU data protection rules, he or she may lodge a complaint with the Member State’s data protection authority”.
Photo Credit : https://pixabay.com/vectors/spain-country-europe-flag-borders-1758851/