Seizure and examination of mobile data in Austria: new legal framework finally passed in parliament

Quick recap

As we explain in detail in our Legal Insight of 21 November 2024 (https://www.schoenherr.eu/content/seizure-and-examination-of-mobile-data-and-data-carriers-in-austria-where-do-we-stand-and-what-s-next/), the Constitutional Court, with its decision of 14 December 2024 (G 352/2021), and the European Court of Justice (ECJ), with its decision of 4 October 2024 (C-548/21), deemed the current legal framework unconstitutional and incompatible with EU law respectively. It granted the lawmaker time until 31 December 2024 to amend the current regime.

So, what will change by introducing a separate legal framework for the seizure of mobile data carriers (not just phones) and data stored on them, as well as data that can be accessed through the carriers (i.e. data saved in clouds), for the purpose of examining the data?

Requirement of a court order

The Public Prosecutor's Office (PPO) will have to request a court order (Beschluss) to seize mobile data carriers and their data. The new legal framework outlines the information a court order must contain, beyond what is already required for authorising invasive investigative measures, including the reasons why the measure is proportionate, the basis for assuming that evidence necessary for the proceedings will be found, the facts under investigation, and the suspicion underpinning the investigation. Now, the court order must further include:

• the category of the data searched for, e.g. communication data, metadata, photos, videos, location data, etc.;
• the content of the data, i.e. based on the investigated offence what content is expected to be derived from the data; and
• the time period from which the data originates presumably required to achieve the purpose of the investigations. If a time period cannot be determined for technical reasons, such as when recovered deleted data lacks a timestamp, the requirement to specify a time period does not apply.

As will be shown in the next chapter, these are the parameters based on which the seized data will be processed for the PPO to examine.

As regards e.g. house searches, where a similar set of information already must be provided, a rather broad definition of information searched for is being accepted especially in complex white-collar crime proceedings. It thus remains to be seen whether and to what extent the new legal framework will be applied similarly.

Subsequently, the PPO will order the seizure of the data to be executed by the Criminal Investigation Department (the police).

Separation of the processes of seizing, processing and examining data

The draft bill outlines three stages for the processing or setting up (Aufbereitung) of the data that will subsequently be examined by the PPO:

• Step 1
  • Creation of a 1:1 copy (backup) of the original raw data (Originalsicherung):
    • forming the basis for the forensic-technical processing of the data to be examined.
• Step 2
  • Creation of a copy of the original backup (Arbeitskopie):
    • forming the basis for executing the court order.
• Step 3
  • Result of the processed data (Ergebnis der Datenaufbereitung):
    • creation of trimmed down data set corresponding to the court order in terms of data categories, content and time.

Therefore, by the end of this process at the latest, a data set should exist that corresponds to the content of what the PPO and the court have ordered to be seized. This "result of the processed data" is subsequently to be examined (see next chapter).

The original copy and the working copy must be preserved in a way that ensures the integrity of the data. This data is not to be accessed, reviewed, altered or used under any circumstances.

However, renewed access, for which a new court order is required, can be granted to the PPO if, based on certain facts or circumstances, it is to be assumed that this will be required. Such a situation can occur if the examination based on the result of the processes data shows that the court order does not cover a period of time essential for the investigation, or if doubts arise about the reliability of the data, requiring new data processing.

Examination of the data

Once the data has been processed, the PPO conducts its examination (Auswertung). The law now specifically permits the PPO to use search parameters – something that has been in practice in complex and voluminous proceedings in the past – but obliges it to record which search parameters it used. This obligation addresses criticisms raised by the Constitutional Court regarding the lack of transparency in the examination of data.

Suspects and victims are explicitly entitled to request the examination of the result of the processed data based on additional search parameters. While this clarification is welcome, it was already possible for suspects and victims who have joined the proceedings as private parties (Privatbeteiligte) to file a request for the taking of evidence. The newly introduced provision thus seems to offer added value specifically for victims.

The data that has been examined becomes part of the investigation file. Only this information can be inspected through access to the file and relied upon during proceedings.

Exemptions

In certain situations of imminent danger (Gefahr im Verzug), the new legal framework allows the Criminal Investigation Department to independently perform the seizure and examination. However, this measure requires a prompt subsequent court order to ensure its legality. If the PPO's request is rejected, the information initially obtained must be destroyed. However, if the court's assessment indicates that it would have approved a request by the PPO even without imminent danger, it cannot refuse to grant the court order. Consequently, the information is not to be destroyed.

The new regulations do not apply to selective data (e.g. if only one particular picture or contract is being looked for) or recordings from image and sound recording devices that are captured in public or publicly accessible places (e.g. recordings from surveillance cameras). In these cases, seizure and examination can still be carried out by order of the public prosecutor's office without prior court approval.

Dealing with chance findings

One of the hotly debated topics during the legislative process was how to deal with chance findings (Zufallsfunde), i.e. evidence of a criminal offence other than the one that led to the seizure. Ultimately, the draft bill upholds the current framework, according to which such evidence can be relied upon for newly initiated proceedings. However, two particularities come into play:

1. the new investigations must be conducted separately, i.e. the PPO must initiate a new investigation file; and
2. as the PPO evaluates the result of the processed data only, this might reduce the likelihood of chance findings.
    

Nullity sanction in case of unlawful conduct

The court order issued by the competent court of first instance can be challenged through an appeal (Beschwerde), which must be filed within 14 days of receiving the court order. This appeal does not have a suspensive effect.

Under Austrian criminal procedure law, not every unlawful taking of evidence automatically leads to the evidence being excluded from the proceedings or sentencing. However, such consequences can be explicitly provided for, which the lawmaker has done in this instance. Thus, the results of the examination may only be used if the measure was lawfully ordered and authorised.

It needs to be added that, generally, Austrian criminal procedure does not have rules similar to the "fruit of the poisonous tree" doctrine. Consequently, the prevailing opinion is that the unlawfulness of the measure – and thus the unlawful obtaining of evidence – does not prevent this evidence from being used as grounds for further investigations, and results so gained can be used as evidence. There is one notable exception: if privileged documents are seized and the professional secrecy holder (e.g. a lawyer) objects, a screening process (Sichtungsverfahren) will be conducted during which the privileged documents will be removed. The findings from this screening may not be used as evidence or for further investigations.

Inspection rights

The new legal framework introduces the right to inspect the result of the processed data (step 3) to those suspects and victims whose data has been seized. If these suspects or victims believe that there is relevant evidence in the original or working copy that has not been processed and has thus not culminated in the result of the processed data, they will likely need to file a motion asking the PPO to request a new court order, based on which the PPO could again access the copies (cf above, last paragraph of the section headed "Separation of the processes of seizing, processing and examining data").

In addition, this inspection right does not apply to co-suspects.

Destruction of data

Under certain circumstances, the data will have to be destroyed, i.e. if

• the court order was appealed and the Appeals Court found that there was a lack of initial suspicion (Anfangsverdacht) (such suspicion is necessary for the PPO to initiate criminal proceedings); or
• the seizure took place because of an alleged imminent danger but a court order could not subsequently be obtained (for reasons other than the lack of imminent danger [cf the section headed "Procedure in the event of imminent danger" above); or
• the data resulting from the processing cannot be of relevance for the proceedings; or
• the proceedings have ended.

The role of the Legal Protection Commissioner

In general, Legal Protection Commissioners (Rechtsschutzbeauftragte) have supervisory duties. This competence will now be extended to the seizure of the discussed measure.

Importantly, if the seizure of data carriers and data is targeted against a person who, as a professional secrecy holder, is entitled to refuse to give evidence, the Legal Protection Commissioner's prior authorisation is required before the court's approval. The Legal Protection Commissioner may only grant such authorisation if there are particularly serious reasons that make the seizure appear proportionate, especially if there is a strong suspicion (dringender Tatverdacht) that the individual in question committed the crime.

Conclusion

Some amendments have been long advocated by lawyers, such as the requirement for a court order prior to executing the measure, better inspection rights, nullity sanctions in case of unlawfulness of the measure and greater transparency. As for other measures, it remains to be seen whether they will add value or significantly change current practices – for example, suspects' and victims' rights to provide search parameters, the competences of the Legal Protection Commissioner or the right to inspect the result of the processed data. Time will tell whether the concerns raised by the Constitutional Court and the ECJ have been adequately addressed.

Regardless, on a general level, it is to be welcomed that the Austrian Code of Criminal Procedure finally provides a specific framework for the seizure of mobile data carriers to examine data stored on them and accessed through them. However, there is not much time until the new legal framework comes into effect, making it a priority to become quickly familiar with the details.

author: Oliver M. Loksa, Marc Cistota