When she was working in Brussels, Meritxell Serret used a Belgian phone and a Belgian number. Between June 2018 and October 2020, while working as a representative of the Catalan government to the European Union, Serret was infected by Pegasus, a spyware exposing her messages and calls, and switching her camera and recorder on without her knowledge or consent. A report by the University of Toronto’s Citizen Lab determined that she had been spied on by the Spanish government.
Spyware abuse is not new. Commercial spyware, including the Israeli-made Pegasus technology, is widely used to target political opponents and journalists in countries from the United Arab Emirates to Azerbaijan. Tensions between Catalonia and Spain are not new, either. But in the wake of the Citizen Lab report, both issues landed side by side on the desk of Sophie in ’t Veld, the Dutch member of the European Parliament who launched the EU’s current efforts to investigate spyware abuse in Hungary, Poland, Greece, and Spain. Her investigation is defined as much by its stonewalling as by its findings.