Habeas Data and its regulation through article 197.2 of the penal code

Introduction

The crimes of discovery and disclosure of secrets are included in Chapter I of Title X of the Criminal Code.

Once developed the basic modality of the discovery of documentary secrets (art. 197.1 CP) that we could see in another article. Now it is time to analyze the basic modality of the discovery of confidential data (art. 197.2 PC).

To do so, we will explain what is the protected good by article 197.2? What is Habeas Data? What does the jurisprudence say about the requirements of this offence?

Article 197.2 of the Penal Code

This modality is based on the seizure, use or modification of personal or family data of a reserved nature. To speak about this offense, the data must be registered and/or filed in electronic or computer files. And they will have to be accessed to the detriment of a third party without the consent of this third party to execute the action. In addition, it will be equally punishable whether the files are stored in public or private records.

The active subject may be of any type (physical or legal). In addition, there will be no special conditions or requirements in the perpetrator who infringes the criminal precept.

The suspect must act voluntarily. And he/she must be aware that he/she is accessing information, secrets or reserved data without legitimate authorization.

The conduct relating to crimes against freedom of information only recognizes willful misconduct. Thus, the conduct to be punished must be intentional, i.e., there must be an intention to carry it out. Hence the requirement that the perpetrator acts to the detriment of a third party. This third party, to whom the precept mentions, will not have previously given consent to carry out the action.

The material object on which the typical conduct falls is the reserved data. This makes it necessary to determine what will be considered as reserved data. And thus, in the wording of the type, imperfections that have originated a certain interpretative obscurity are evidenced. The question arises as to whether access to documents contained in archives, registers or supports of a personal nature is punishable. Or, on the contrary, if only the access to the files without accessing the documents is a punishable act.

Si te ha interesado este artículo no dudes en leer:

Regulation on Cookies: GDPR, ePrivacy Regulations and Cookie Act

Cookies are regulated through the so-called ePrivacy Directive, the LSSI and the RGPD. In this brief collaboration we analyze the present and the future (ePrivacy Regulation) of the regulation of cookies.

According to case law, these offenses infringe personal privacy by illegitimately using personal data included in a computer program. According to the Supreme Court, mere access is not enough. It will be necessary that the action has an orientation or intentionality in order to cause damage.

The penalty imposed on this article will be the same as that of paragraph 1. It will consist of imprisonment of one to four years and a fine of twelve to twenty-four months. This regulation aims to protect the control and privacy of personal data inherent to the individual.

What fundamental right does this article protect?

This article is included in the Organic Law 1/215 of March 30 implementing Directive 2013/40/EU.

Although this section tends to be confused with the previous one, the legal right protected is freedom of information technology or habeas data. As can be seen, it is very different from the right to privacy referred to in art. 197.1.

Thus, it seems necessary to remember what article 18.4 EC tells us. This article establishes that the law shall be responsible for limiting the use of information technology. It guarantees both personal and family honor and privacy as well as the full exercise of their rights. The constitutionalist doctrine questioned what the rise of computer progress meant for the privacy of individuals. Therefore, this right was developed. Its purpose was to protect personal data and prevent damage to privacy and freedom of information.

What is Habeas Data?

The crime enshrined in art. 197.2 is known as: Habeas Data or Crime against computer freedom.

The word Habeas Data comes from Latin and means “to have data present”. It is a jurisdictional action that ratifies the right of anyone to request, obtain, delete or correct information about himself.

This right encompasses any data bank or registry, whether in private or public institutions. And whether or not they are in computer records.

Criminal liability of legal entities

It should be noted that legal entities may incur in criminal liability for this type of offenses. The fines to be imposed on them will vary from six months to two years.

Also, measures such as the dissolution of the legal person, the closure of its establishments or the suspension of its activities for a period of time may be adopted. It may also entail disqualification from applying for public aid or subsidies, or prohibition from contracting with the public sector.

Examples extracted from case law.

Nowadays we live surrounded by a vast majority of the population that publishes its private life on social networks. In this way, it becomes a showcase that can sometimes have very negative consequences.

We have recently seen how a doctor has been sentenced to prison for falsifying his wife’s medical records. The doctor, who was interested in prejudicing her in the divorce, manipulated her medical history by adding two completely false pathologies. Therefore, he was sentenced to two years in prison for this article we are talking about, art. 197.2 Penal Code.

Another similar case occurred with a man who seized his ex-wife’s personal data. The convict took advantage of the fact that he was the sole administrator of the e-mails, which were linked to the woman’s ID. Thus, he downloaded photographs stored on the victim’s device. Later, having accessed the data, he formatted and deleted the information contained in the phone. For this, in STS 412/2020 of July 20, he was sentenced to three and a half years in prison.

As a last example, I will mention another very recent sentence. An employee, taking advantage of a moment of absence of his manager, accessed his information storage account. He also seized certain private files containing his business and personal information, including his passwords. For this and other intrusive activities, he was sentenced to prison for violation of art. 197.1 and 2.

Conclusion

This article has probably generated more interpretative problems than the other articles of Chapter I of Title X of the PC. By using rather similar terms in the wording, it makes it difficult to establish the distinction between the typical conducts in a clear way.

The article protects the right of individuals to control the data under their ownership. This is placed in archives and affects their privacy. For this purpose, these conducts that attempt or violate this right are sanctioned.

If this article has been of interest, we also suggest you to read the following article published on our website: Is the civil liability of the managers extinguished by a criminal acquittal?