European countries are exporting surveillance tech to countries with poor human rights records, report says

European surveillance technology companies have sold spyware and similar intrusion tools to countries with documented human rights abuses, according to a new report.

The report, released by the advocacy group Human Rights Watch on Tuesday, alleges that the European Commission has failed to effectively police member states' surveillance tech sales despite the 2021 implementation of updated bloc-wide export rules designed to rein in the practice.

Companies in Bulgaria, Poland, Finland, Denmark, Estonia and the Czech Republic collectively sold surveillance technology to over two dozen nations with a history of human rights violations, according to Human Rights Watch, which based its report on trade documents obtained through freedom of information requests.

France, Greece, Spain, Germany and Italy — all known exporters of the surveillance tech — refused to share their relevant trade records or ignored Human Rights Watch’s request, the report said.

Spyware and surveillance tech is big business in the European Union with a majority of member states hosting at least one vendor of the wares, according to the report.

All but two of the companies named in a 2024 Google Threat Analysis Group report about the commercial surveillance industry are based in the EU.

“Despite a regulatory framework designed in part to prevent abuses, the EU currently is doing too little to prevent sales and transfers from its member states to governments with a track record of using such technologies for crackdowns on dissent and other serious rights violations,” the report said. 

The EU’s 2021 law updating export rules for commercial surveillance tools expanded the definition of what constitutes a surveillance technology product, mandated that countries exporting the tech take into account human rights practices of customer countries and created a reporting regime intended to track exports of the tech for review by the European Commission, the report said.

The commission plans to evaluate the updated rules in September, the report said, asserting that EU government bodies must “use this opportunity to strengthen due diligence and transparency requirements to ensure the EU finally curbs its export of surveillance technology to abusive governments around the world.”

‘Significantly strengthened export controls’

Spyware abuses have skyrocketed in recent years as a growing number of governments have procured the technology despite several scandals involving use of the tools to snoop on dissidents, journalists and other members of civil society.

A spokesperson for the European Commission said in a statement that it “attaches great importance to cyber-surveillance items, which is why the EU has significantly strengthened export controls for such items, stipulating that they cannot leave the EU territory without an export authorisation (or license) issued by the competent authority of the member states.”

The statement emphasized that the member states are ultimately responsible for deciding which surveillance tech to export to destination countries.

“Export controls need to be regularly updated to adjust to evolving security risks and threats, rapid developments in science and technology,” the statement said. “To this end, the Commission has a constant dialogue with industry, academia and civil society, in an effort to strike the right balance between security and trade.”

The names of the firms found to be exporting the tech to human rights abusing countries were not included in the Human Rights Watch report. 

Bulgaria emerged as a top exporter of commercial surveillance tech, the report said. Bulgarian companies exported the tech to more than twenty countries, including authoritarian regimes like the United Arab Emirates and Azerbaijan, according to the report.

A spokesperson for the Bulgarian embassy in Washington did not respond to a request for comment.

Poland was found to have allowed the sale of systems used to listen in on phone calls to Rwanda, another country with a history of human rights abuses, the report said.

The Polish Embassy in Washington did not respond to a request for comment.

“Increasing government use of commercial spyware and other types of surveillance technology poses a significant threat to human rights worldwide,” the report said. “The European Union, whose member states are home to many of the companies that develop and export such technologies worldwide, is part of the problem.”