IT and data protection
In the context of the increasing digitization of communication, business and trade processes, typical criminal law issues are increasingly shifting towards a technological level. Legislature and judiciary have long arrived in digital reality and adopt prosecution and penalties to present circumstances. Investigators and prosecutors have established special departments for the investigation of ‘cyber crime’.
Companies and individuals increasingly find themselves facing criminal charges in connection with the usage and processing of data and the access of digital information. A growing number of offences is related to criminal offences in the world wide web.
At the same time, a growing number of companies are in need for advice in connection with attack scenarios via technical networks, ranging from cases of computer fraud to data espionage to direct attacks on the data integrity through computer sabotage. Counsel and defence in these highly specialized fields require comprehensive technological and legal basic knowledge and experience. We are actively involved in respective investigations on a regular basis and counsel individuals and companies in the field of IT criminal law. It is often a crucial challenge to translate technological processes and operations into criminal legal terms and define them in this context. We competently and comprehensively counsel you in cases of IT criminal law – from the consultation on criminal law matters to conducting internal investigations to pressing charges.
IT criminal law for companies
In this context, the prevention and prosecution of such criminal cases are increasingly important. Constellations are extremely diverse. It is possible, for example, that departing employees are to unlawfully copy valuable databases and offer them to a rival company. Often, sensitive customer or client files are accessed or attempted to access and used illegally.
Digital technology in criminal proceedings
What exactly is internet crime?
Cyber crime in the narrower sense
The forms of offences are extremely diverse, developing continuously and at a pace that is difficult to keep track of. The investigation authorities are called upon to keep up with new advancements. The same applies to prosecution and criminal penalties. Many investigators and prosecutors have already established special departments for the investigation of cyber crimes.
Overview of cyber crimes in the narrower sense
The following offences class as cyber crime in the narrower sense:
- Data espionage, section 202a Criminal Code
Handling stolen data, section 202d Criminal Code
- Data manipulation, section 303a Criminal Code
- Computer fraud, section 263a Criminal Code
- Offences against data protection provisions
Important forms of internet crimes in the latter sense will be presented in the next section.
Regulatory offences against data protection
In general, the law on regulatory offences applies in the event of severe violations against the General Data Protection Regulation. Central in this context is the provision of section 41 Federal Data Protection Act (Bundesdatenschutzgesetz).
The term regulatory offence should not lead us to underestimate the seriousness of these offences. Legal consequences are often severe. Section 83 par. 5 GDPR, for example, stipulates fines in the amount of up to € 20 million or 4 per cent of the annual turnover.
Not only big international corporations but also medium-size companies are threatened with fines.
Phishing – Identity theft in the internet
This is often done with forged e-mails and input masks, websites or messages aiming to reveal user data, particularly bank details, and subsequently make money from their usage.
Such conduct usually fulfils the elements of several different offences. For example, data espionage as well as fraud – in the event of conduct towards a natural person – can be present. The legal appreciation depends on the individual case.
Extortion through ransom software
These crimes can pose an existential threat to the companies affected. They are offered to terminate the encryption and enable data access against payment of a certain amount of money.
In legal terms, this qualifies as data manipulation pursuant to section 303a Criminal Code as well as conventional extortion.
Section 263a Criminal Code: Computer fraud
Data manipulation can result from the incorrect design of the software programme or incorrect or unauthorized data usage. The broad formulation of the law creates a wide range of the facts of the case. The interpretation of individual cases, however, poses particular difficulties.
Section 202a Criminal Code: Data espionage
This legal provision covers so-called ‘hacking’. Given technological development, its different types are manifold.
Legally it is of no consequence how this unauthorized access occurs. It may occur, for example, through security gaps, malware, keylogger and many other ways. An intent to damage is not subject of the penal provision, although it will usually be present in this context.
Under section 202b Criminal Code, unauthorized data interception constitutes a criminal offence. Section 202c Criminal Code contains the provision according to which even the preparation of data interception is punishable.
Section 303a Criminal Code: Data manipulation
Section 202d Criminal Code: Handling stolen data
In addition, the element of the offence requires the intent of unlawful personal enrichment or the unlawful enrichment of a third party.
We are criminal lawyers
IT criminal law offers special opportunities for defense. We analyse the charges brought against you and develop solutions for your case. For this purpose, we can draw on decades-long specialized experiences, which allows us to achieve the optimal outcome. Of course we pay particular attention to various possibilities of proceedings being dismissed according to the Code of Criminal Procedure.