TASZ coordinated Pegasus multi-jurisdiction legal action announcement (27 January 2022)

On Thursday 27 January 2022, the Hungarian Civil Liberties Union (TASZ) held a press conference in Budapest to announce a coordinated multi-jurisdiction legal strategy against the Hungarian state's surveillance of six named clients — four investigative journalists, a Belgian student activist, and one anonymous individual — through the Pegasus mercenary spyware system developed and sold by the Israeli surveillance company NSO Group. The announcement was the first systematic public civil-society legal challenge in Hungary following the Forbidden Stories Pegasus Project of 18 July 2021, which had identified approximately three hundred Hungarian phone numbers in the leaked NSO Group surveillance-targets database and named Hungary as one of the system's most heavily documented state-customer deployment sites in Europe.

Context: the July 2021 Pegasus Project revelations

The Pegasus Project — coordinated by Paris-based Forbidden Stories in partnership with Amnesty International's Security Lab and seventeen international media partners, among them the Budapest-based investigative outlet Direkt36 — published its findings on 18 July 2021 in a globally coordinated release. The leaked NSO Group surveillance-targets database, which the consortium obtained and analyzed, contained approximately fifty thousand phone numbers across more than fifty countries; in Hungary, approximately three hundred numbers appeared in the database, including investigative journalists, lawyers, opposition politicians, and activists. Among those whose phones were forensically confirmed as infected or targeted were Szabolcs Panyi and fellow journalists at Direkt36, the outlet that had co-published the Hungarian story on the same day as the global consortium release.

The Hungarian government's initial response was denial; by November 2021, the chair of Parliament's Defence Committee, Lajos Kósa, had publicly confirmed that Hungary had used Pegasus, characterising the surveillance as "completely legal" under Hungarian national-security law. The confirmed operator was the Special Service for National Security (SSNS), operating under the Interior Ministry. The parliamentary national-security committee — the domestic oversight body with formal jurisdiction — refused to investigate in any transparent form; its majority members boycotted proceedings and, when minutes were filed, classified them until 2050. Against this institutional record — official acknowledgement of the system combined with effective closure of every domestic oversight channel — TASZ concluded that simultaneous multi-jurisdiction filings were the only viable strategy.

The announcement and legal strategy

TASZ's 27 January 2022 press conference announced simultaneous, coordinated filings across seven distinct proceedings tracks, structured to use every available legal channel without sequential exhaustion. The domestic tracks comprised: proceedings before Hungarian courts; cases before the National Authority for Data Protection and Freedom of Information (NAIH), whose jurisdiction extended to state surveillance of private individuals under Hungarian data-protection law; requests for investigation to Parliament's National Security Committee; and a complaint to the Commissioner for Fundamental Rights. The international tracks comprised: a complaint to the European Commission on behalf of Adrien Beauduin, whose status as a Belgian citizen gave him standing as an EU citizen whose rights had been violated by a member-state government; lawsuits before the European Court of Human Rights on behalf of multiple clients; and an investigation request to the Israeli Attorney General regarding whether NSO Group had committed a criminal offence in obtaining the Israeli state export licence under which Pegasus was sold to Hungary.

The multi-forum structure — filing simultaneously across every accessible channel rather than proceeding sequentially — reflected the legal team's assessment that domestic sequential exhaustion would take years, allow the institutional record to be suppressed, and delay the international proceedings where the most durable legal remedies were available. The Israeli Attorney General track was structurally novel: it aimed to establish whether NSO Group's export-licence conduct had constituted a criminal offence in Israel, working toward accountability at the supply side of the surveillance chain rather than only at the customer-state level.

TASZ surveillance expert Ádám Remport framed the strategy's Central and Eastern European register at the press conference: "The use of the secret services to serve those in power rather than the nation as a whole is appallingly familiar in Central and Eastern Europe" — connecting the Hungarian Pegasus deployment explicitly to the region's longer history of security-service capture.

Clients and legal team

The six initial clients were: Brigitta Csikász, Dávid Dercsényi, Dániel Németh, and Szabolcs Panyi, all journalists at Direkt36; Adrien Beauduin, a Belgian student activist whose participation in pro-democracy events in Budapest had resulted in his phone being confirmed as a Pegasus target; and one anonymous individual. The selection was deliberate across three dimensions: the journalist-clients anchored the domestic and ECtHR proceedings on press-freedom and privacy grounds; the EU-citizen client opened the European Commission complaints track through his standing as a citizen of a member state other than Hungary; and the anonymous client maintained a pathway for individuals whose targeting could not be publicly confirmed without endangering them.

The legal team comprised TASZ's in-house lawyers Tivadar Hüttl, Flóra Kollarics, and Kata Nehéz-Posony, coordinated by Ádám Remport, and supported by external counsel Balázs Tóth (a Hungarian human-rights lawyer) on the domestic and European tracks and Eitay Mack (an Israeli lawyer and independent expert on NSO Group's export-licence practices) on the Israeli Attorney General track.

Institutional obstruction

TASZ's July 2022 one-year analysis documented systematic obstruction across every domestic channel. The Parliamentary National Security Committee's Fidesz-majority members boycotted proceedings; committee minutes were classified until 2050. The Commissioner for Fundamental Rights deflected civil-society complaints to the Data Protection Authority without legal basis; the DPA, examining only Hungarian domestic-law compliance rather than EU data-protection or fundamental-rights standards, found no violations. Hungarian prosecutors closed their criminal investigations in June 2022, finding the documented surveillance lawful — consistent with the government's November 2021 characterisation, and providing no remedy to any target. The one-year analysis set the domestic outcome against the structural context: Hungarian state surveillance had grown 40% between 2015 and 2021, and TASZ's summation — "even unlawful surveillance is legal if carried out for national security purposes" — named the legal gap the proceedings had been designed to test and that the institutional response had confirmed was not self-closing.

Expansion and subsequent proceedings

The ECtHR track expanded substantially beyond the initial six clients as the domestic exhaustion-of-remedies requirement was progressively satisfied. By February 2023 the European Court of Human Rights had registered a mass action on behalf of thirty-six clients — journalists, activists, and civil-society organisation members — placing the Hungarian state formally before the Court on the Pegasus surveillance of its civil society. TASZ also intervened in Brejza v. Poland before the ECtHR, placing TASZ's Hungarian litigation expertise in the broader European jurisprudence on Pegasus-targeting of elected officials and civil society, alongside proceedings in which Citizen Lab had conducted the forensic analysis of targeting during Poland's 2019 election campaign. In June 2023 the European Parliament's PEGA Committee (the Committee of Inquiry on Pegasus and equivalent surveillance spyware) condemned Hungary in its final report, naming the Hungarian Pegasus deployment among the most systematically documented uses of commercial spyware against journalists and civil society within the European Union.

Significance

The 27 January 2022 announcement is the corpus's first event anchoring a European civil-society multi-jurisdiction legal strategy on mercenary-spyware accountability — closing the Eastern European government-surveillance civil-society-response event gap (previously zero event entries despite TASZ's Pegasus work and Panoptykon Foundation's Polish surveillance-accountability work each being present at the organisation level). It is structurally distinct from the corpus's existing Pegasus entries on two axes. First, on the legal-strategic axis: the Hungarian strategy's simultaneous seven-forum filing — including the Israeli Attorney General track, aimed at the supply side of the surveillance chain rather than only the customer-state — has no parallel in the corpus's other Pegasus response entries. Second, on the jurisdictional axis: where the R3D-led Mexican civil-society Pegasus response pursues accountability through domestic federal proceedings, Inter-American human rights bodies, and international investigative coalitions, the Hungarian response operates inside the European Union's own institutional and judicial architecture — making the European Commission, ECtHR, and (through PEGA) European Parliament tracks available in ways they structurally are not for non-EU states.

Inside the corpus's European government-surveillance event register, the 27 January 2022 announcement sits alongside the EDRi-coordinated Reclaim Your Face ECI launch (the biometric-mass-surveillance petition track) and the Big Brother Watch-coordinated UK facial recognition joint statement (the UK legislative-advocacy track) as the three European civil-society anchor events on state surveillance — each in a different national context, each in a different legal-strategic register. The TASZ Pegasus action is the only one of the three anchored on targeted mercenary spyware rather than mass biometric surveillance in public space, and the only one that opens simultaneous judicial proceedings on three continents on the day of its public announcement.