Remember when phones were only for calling? Or when laptop computers were barely portable, tablets were basically science-fiction and clouds were only something you saw in the sky? Around 2007, with the launch of the first touchscreen smartphone, the world changed. Mobile devices and remote data storage led to the collection of enormous quantities of data, reflecting the life of the users but also of their families, friends and colleagues.
The challenges raised by this technological development have extended to white collar crime proceedings, some of these will be addressed below, not least because the last proper reform of the Austrian Criminal Procedure Code was in 2008 and thus could not have considered the vast data available since then. Discussions about the outdated legal situation continue, but without any clear indication of which issues will be addressed and when.
(No) Need for a court order to seize mobile data carriers and evaluate data
Ordinary devices can be seized just by a warrant from the Public Prosecutor's Office (PPO). Whether this legal status extends to mobile data carriers has been a hotly contested question in the field of white collar crime law in Austria for considerable time. In a recent decision, dated 14 December 2023, the Constitutional Court ruled the seizure of mobile data carriers, and evaluation of data found on them, without prior judicial authorisation was unconstitutional because it violated the Data Protection Act and the right to privacy. Whereas the Constitutional Court also highlighted certain aspects which the law makers will have to consider when drafting and adopting new provisions, such as prior judicial authorization and weighing up and balancing the public interest against the fundamental rights of persons concerned, even suggestions for the new provision(s) have yet to be made public by the government. Only one thing is certain: The current law will cease to be in effect with the expiry of 2024.
Insufficient description of the information sought
In warrants or court orders, the data to be searched and seized is usually described vaguely, regularly circumscribed by terms like "in particular". This practice leads to the PPO being able to seize vast amounts of data, a significant percentage of which is irrelevant for the pending proceedings, either by taking away the mobile data carriers or by extracting the data on site.
People subjected to searches and seizures are typically neither in in the right mindset nor equipped to assess how to deal with the PPO. They are either too emotional and want to block the entire operation or they are too anxious to contradict the PPO and are ready to grant all its requests. It is up to lawyers to find the right balance between avoiding unnecessary tensions while ensuring that only such data are being searched and seized that can be derived from the warrant or court order. A theoretically straightforward, yet practically often contested example, is focusing on whether only data that falls within the timeframe described in the warrant or court order is being targeted. It is therefore crucial to immediately consult a lawyer experienced with searches and seizures.
Legal implications of excessive data seizures
Besides the disruption to the person's private and professional life, there are three major legal implications when excessive data is seized:
- Nobody except the investigating authorities is entitled to have access to the seized data before the PPO concludes which data are relevant for the pending proceedings. Suspects are not involved in this process, even though they might have a different knowledge and perception of the facts under investigation and a review or legal protection is not possible.
- Under Austrian law, the "fruit of the poisonous tree" principle is, in general, not applicable. Consequently, even if the searched and seized evidence might in retrospect be qualified as not having been rightfully obtained, this does not lead to evidence found based on such evidence being unusable.
- There is no legal provision prohibiting the PPO from using evidence it finds by chance that might give rise to different allegations. Again, this stands in contrast to such evidence obtained via wiretapping.
Outlook
Given the above, it is unsurprising that data management has essentially become a new, separate field within white collar crime law. For lawyers, it requires a blend of expertise on the applicable domestic and European laws, technology and soft skills with regard to handling matters with the PPO. Mastery of all these facets is needed to provide clients with the best possible advice. At the same time, clients need to be aware of the complexity of the matter outlined and proactively seek legal advice.
One thing is certain: The management of data will remain a hot topic and will accompany us for the foreseeable future in white collar crime law in Austria.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.