EU states export surveillance technology to countries that violate human rights
Human Rights Watch denounces that the European law that was supposed to prevent these sales has failed
BarcelonaA program that can remotely activate the microphone and camera of a mobile phone or access message history. Software capable of scanning real-time traffic to identify people and generate profiles. A device that connects to a computer or mobile phone and can download all its information by bypassing passwords. These and other technologies manufactured in member states of the European Union too often end up in the hands of governments that violate human rights, despite current legislation to prevent it. This is the main conclusion of the report "Looking the Other Way" published this Tuesday by the NGO Human Rights Watch, which denounces that the European Union's mechanisms to prevent these exports have failed.
In 2021, the European Union launched a law aimed at curbing dual-use technology, that is, technology that can be used for civilian purposes, but also military ones. This legislation obliged member states to consider the human rights record of the destination country before authorizing sales and to collect data on which cyber surveillance technologies they sell and send it to the European Commission to include it in a public report.
But now HRW denounces that the European Commission has not prevented these types of exports. It considers that the Commission is hiding behind a directive from 2024 which, in practice, waters down the law and protects corporate secrecy. "There is the law and then, the implementation of the law," Zach Campbell, a Human Rights Watch researcher and author of the report, tells ARA. "The data they are publishing is not what it should be according to the law," he warns.
To prepare the report, the organization requested data from all European countries on these types of exports, but encountered many obstacles. They only obtained information from seven countries. "Some countries said they do not report these exports to the EU, which in theory means they do not export these types of products. Others said that the data we were requesting were trade or security secrets," he says. Campbell, however, debunks the argument: "When the data is finally obtained, it is seen that they are simple statistics and numbers aggregated by categories. There are no product or person names." Furthermore, the report explains that the Commission even provided certain states with the message they should use to deny transparency requests.
Software in Azerbaijan and Rwanda
Despite the obstacles, the responses from seven countries have exposed worrying sales routes to countries with documented histories of repression, which are currently taking place. For example, Bulgaria has exported intrusion and interception software to the government of Azerbaijan, with a history of persecuting journalists and activists, but also to Somalia or Israel. Poland sold interception systems to the government of Rwanda, known for using digital surveillance to pursue dissidents both within the country and in the diaspora. And the Czech Republic sent surveillance material to countries such as Somalia, Egypt, or Iraq.
There are also other cases, such as Sweden, which illustrates a way to circumvent legal control. The document states that a Swedish company (MSAB) exported data extraction tools. However, it considered this technology for police or forensic use rather than surveillance to circumvent the obligation to report to the European Commission. This loophole in the 2024 guidelines allows the country to officially declare zero cybersecurity exports while its equipment reaches repressive regimes.
For their part, the major EU exporters (France, Germany, Greece, Cyprus, Italy, and Spain) have blocked the NGO's information requests, despite exhausting appeal avenues.
From the report's conclusions, it is clear that the EU, by allowing European technology to fall into the hands of regimes like Azerbaijan or Rwanda, becomes a necessary accomplice in the persecution of journalists and activists on a global scale. And at the same time, it emphasizes the obstruction of transparency by stating that the lack of data is not the result of bureaucratic inertia, but of a deliberate political decision.
