A Backdrop of the Case


International Agreements and National Legislation

  1. International Covenant on Civil and Political Rights (ICCPR)
  2. Budapest Convention
  3. Wassenaar Arrangement


Internationally Judicial Approach of the Case


India’s Approach to the Case

  1. Overview of Indian Legislation
  2. Parent Case & Precedents
  1. Manohar vs. Union of India
  2. K S Puttaswamy v Union of India
  3. Anuradha Bhasin v. Union of India
  4. Ram Jethmalani v. Union of India
  5. Supreme Court’s Decision & Direction


Deliberation of this Case








‘If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology’

  • Bruce Schneier

The NSO Group, a public Israeli-based cyber tech firm issued an obtrusive interceptive tech surveillance, known as Pegasus Spyware. Pegasus is a very invasive, nearly invisible spyware that can remotely monitor cellphones and other mobile devices without a click. Its capacity to infiltrate data stored in the mobile cloud and obtain personal core identification data remotely without the target’s knowledge demonstrates how intrusive it is. It has shown that this type of monitoring technology is open to unauthorized usage, particularly when it comes to infringing upon fundamental freedoms and rights.


The Pegasus spyware Case is an invasive cyber-surveillance tool intended to obtain mobile device data covertly. Significant investigative journalism has been published on this malware, and it has revealed a startlingly high amount of Pegasus abuses. Since Pegasus has been used, among others, against members of the press, human rights activists, entrepreneurs, oppositional political leaders, and even lawyers, these misuses have been regularly connected to abuses of human rights. The reason for government abuse of surveillance technology appears to be clear since the NSO Group only sells its spyware to governments. This field’s regulation can be characterized as fragmented and opaque, which allows for abuse and fosters an unregulated atmosphere. 

The countries of India, the United Kingdom, Spain, Greece, Mexico, Saudi Arabia, Israel, and the United States have been chosen to illustrate that the difficulties associated with regulating surveillance technology are worldwide concerns from the period 2017 to 2019. Furthermore, the selection of these nations was based on their association with the Pegasus spyware. There are ongoing cases involving Pegasus and the NSO Group in the UK, India, and the USA, as well as proven misuses in Saudi Arabia, Israel, Spain, Mexico, the UK, India, and the USA. While Pegasus has not been abused in Greece, there have been problems with comparable invasive monitoring spyware. Additionally highlighted is Israel, the nation from where Pegasus is delivered.

  1. The ‘International Covenant on Civil and Political Rights (ICCPR)’ highlights the freedom of expression and the right to privacy. It also legally requires governments and regulatory agencies to employ surveillance technologies following the law and stipulates that recognize their obligation to uphold human rights
  2. A legally binding agreement that places a strong emphasis on combating cybercrime is the ‘Budapest Convention’ on Cybercrime. Like the ICCPR, it suggests laws for surveillance technologies within the context of cybercrime rather than expressly regulating them. These mostly relate to how the use of surveillance technology in investigations is impacted by the criminalization of cybercrime. It also places more emphasis on privacy and data protection, which affects the deployment of surveillance technologies.
  3. Legally binding international treaties that secure and protect data are the ‘Convention for the Protection of Individuals regarding the Automatic Processing of Personal Data (Convention 108)’, as well as the amendments to it, Convention 108+. Individual rights are now prioritized more after the amendment, giving people greater freedom to regulate their data.
  4. The non-binding ‘Wassenaar Arrangement’ governs export restrictions for conventional weapons and dual-use commodities and technologies, which include both military and civilian products and technologies. Though not all states have included the agreement in their national laws or have even heard of it, there has been inconsistent control over states obtaining dual-use technologies. The goal is to guarantee the responsible and transparent transfer of these items, so they do not contribute to destabilizing regional or international security. Moreover, it is debatable to what extent the Pegasus spyware qualifies as dual-use technology. Although some classify Pegasus as a cyber-weapon, which would make it covered by the Agreement, Israel would have to determine if this applied to Pegasus and take appropriate action if it did. It is additionally argued that because incursion software is not subject to the same restrictions as other technologies, surveillance systems like Pegasus do not fall within the Wassenaar Arrangement.

The Stakeholder Analysis methodology was adopted to categorize the section of victims of the Pegasus software, to which the categories were classified into (i) Civil Societies; (ii) International & Regional Organisations; (iii) Government; and (iv) Private Entities. 

The Civil Society relies on (i) Forbidden Stories, (ii) Amnesty International Security Lab, and (iii) Citizen Lab. Secondly, International & Regional Organizations rely on (i) the United Nations, and (ii) the European Union.  Thirdly, The Governments of Spain, Mexico, the UK, India, the USA, Israel, Greece, and Saudi Arabia are concentrated on this case. Finally, the Private Entities rely on NSO Group.

Concerning the court’s judicial review the precedence was taken from the Case of Sanoma Uitgevers B.V. v. The Netherlands, which addresses conflicts between freedom of expression and private rights. Because of the implications of the ruling for access to journalistic materials, a lawful intervention could only be justified in cases where there is an overriding public interest requirement and no less intrusive measure could have served that overriding public interest. Examining prior instances and their consequences for surveillance regulation demonstrates the robustness of legal systems.

Based on the Stakeholder Analysis methodology and evident legislations for surveillance technology-based crime, the Plaintiffs in this Pegasus case are the Civil Society, Corporation, and Private Persons against the Defendants being Union of India, Kingdom of Saudi Arabia, and NSO Group, related to the following demands like (i) disclose the materials concerning the use of the software; (ii) any right to privacy breached, or regarding the protection of citizens, then the involvement of judiciary; (iii) declaring the use of software unlawful; (iv) Identifying and retrieving the data accessed unlawfully; (v) compensation to be obtained.


India currently does not have a distinct data protection law, but the regulation of personal data is governed by the Information Technology (IT) Act, of 2000.  

The Puttaswamy case in 2017 asserting the Right to Privacy as a fundamental right and the same to be safeguarded, paved the way for a committee to be formed on Data Protection chaired by Justice B. N. Srikrishna, to investigate data protection issues in the country. In July 2018, the committee recommendations were presented. The Personal Data Protection Bill, 2019 was introduced in December 2019 but was withdrawn in August 2022. 

In November 2022, a draft bill was made available for public comment, and the Digital Personal Data Protection Bill 2023 was introduced in the Parliament in August 2023.

  1. Manohar vs. Union of India is the parent case for Pegasus Spyware breaching fundamental rights such as Rights to Privacy and the Right to freedom of expression.
  2.  K S Puttaswamy v Union of India (“Puttaswamy” case) the landmark case in India upheld that the Right to privacy is fundamental for human existence and is an inalienable right.
  3. Anuradha Bhasin v. Union of India, case refers to the ‘surveillance & freedom of the press’.
  4. Ram Jethmalani v. Union of India, is the case referring to the fundamental rights breached by not providing sufficient information or withholding the same in the name of ‘national security’ to not be excused.

The Indian Supreme Court enlarged the Constitution’s guarantee of freedom of expression by emphasizing how important it is to everyone’s right to privacy, including journalists. The Court significantly protected the right to freedom of expression and connected it to the greater dignity and civility of life enjoyed by its citizens by ruling that the threat of eavesdropping and unapproved surveillance could not only cause self-censorship but also jeopardize the safety of journalistic sources and the proper operation of the media in a democracy.


The deliberation of the case can be focused on both International and National perspectives. The Stakeholder’s Analysis methodology clearly outlines the regulatory categories to segregate the victims and the defenders, who take their stand in the Pegasus Spyware.

Surveillance Technology has both pros and cons in its regulatory body’s implementations. Wherein most instances, it asserts the breach of the right to privacy and freedom of expression, and the same is conferred as not an absolute right concerning the ‘national security’.

Countries like Mexico, the UK, Saudi Arabia, India, Spain, Greece, and the USA, stated the Pegasus Spyware, in case of any abuse of the right to privacy or any Human rights, then the same is to be detected and relief to be obtained by any provided national legislation. If in case of any lawful interception then the transparency is to be maintained to the extent specified in the respective national legislation.

The United Nations has demanded an international moratorium on the transfer, sale, and use of surveillance technology until human rights compliance can be ensured utilizing legislative measures.


It is conceivable to prove that regulatory authorities have, to varying degrees, reacted to publications by civil society by addressing regulatory concerns related to surveillance technologies. It is advisable, nevertheless, to heed the UN’s proposal and declare a worldwide ban on the transfer, sale, and use of surveillance technologies until it is ensured that universal rights and freedoms are respected. The widespread abuse of surveillance technologies has had a chilling effect on human rights, as this research has demonstrated. It can only be adequately addressed by putting in place functional regulatory structures. This needs to be provided before using surveillance technologies going forward and running the risk of additional abuse, as happened with Pegasus malware.

  1. Laura Cristina Dieterle, Regulating The Invisible Spy – A Case Study of the Pegasus Spyware examining Surveillance Technology Regulation, Bachelor Thesis, University of Twente (WWU Munster), 
  2. Pegasus Case, News Analysis, Drishti IAS, 
  3. Pegasus Case, Shankar IAS Parliament,,journalists%2C%20activists%20and%20many%20others 
  4. FAQs:
  5. What is the Pegasus Spyware Case concerned about?

Pegasus Spyware case is dealing with the issue, where it has breached Human Rights (i.e., the Right to Privacy & Right to Freedom of expression), by way of surveillance technology (i.e., illegal access to data) in smartphones & laptops or any other gadgets, by the NSO Group (an Israeli Corporation) through ‘Zero Click Installation’.

  1. Is the Pegasus Case concealed only to India or even other countries?

This Spyware attack has been an issue not only in India but also in countries like Mexico, the USA, the UK, Saudi Arabia, and a few parts of the European Union.

  1. What are the remedies sought in this case?
  1. To attain transparency in the lawful interception of the nation by way of the Pegasus Spyware (if declared lawful), and to have any excuse in the name of ‘lawful interception by way of national security’;
  2. To have a judicial interception in case of any Human Rights violation;
  3. To protect the Human Rights that are mandated by the United Nations and its ancillary bodies;
  4. To make any further recommendations accordingly.


Vinodini Priya. S,

BA-LLB (Final Year) Student of Government Law College, Vellore. Tamil Nadu.


Leave a Reply

Your email address will not be published. Required fields are marked *