The most important facts at a glance
- The limitation period for spying on data is generally five years from the end of the offense
- The limitation period can be suspended or interrupted by various circumstances, which extend the time limits
- Spying on data can result in claims for damages and compensation for pain and suffering
Why the statute of limitations is relevant when spying on data
The digital age brings with it new challenges for the protection of personal and business data. For those affected and potential perpetrators alike, the question of the statute of limitations is of crucial importance. The statute of limitations determines until when criminal prosecution is possible and when civil claims expire.
Understanding the legal framework is of great importance for both victims and companies. While victims need to know how long they can assert their rights, companies need clarity about the possible long-term legal consequences of data breaches.
Legal basis for spying on data
The offense according to § 202a StGB
Spying on data is regulated in Section 202a of the German Criminal Code (StGB), while data alteration is regulated in Section 303a of the StGB. § Section 202a of the Criminal Code covers the unauthorized provision of access to data that is stored or transmitted electronically, magnetically or otherwise not directly perceptible and that is not intended for the perpetrator.
The criminal provision protects the confidentiality of data and the interests of the authorized parties in controlling their information. It covers all types of electronically stored data, regardless of whether it is personal, business or other information.
Penalty range and classification
Spying on data is punishable by a prison sentence of up to three years or a fine. It is an offense within the meaning of Section 12 StGB, as the minimum sentence is less than one year. However, longer limitation periods may apply in connection with other criminal offenses. This is particularly relevant if spying on data serves as a preparatory act for other offenses.
Limitation periods for spying on data in detail
Basic limitation period
According to Section 78 of the German Criminal Code, prosecution of offenses punishable by imprisonment of more than one year and up to five years is time-barred after five years. As spying on data is punishable by up to three years' imprisonment, the five-year limitation period applies.
This period generally begins to run when the criminal act is completed. In the case of single acts of access, this is the time of the unauthorized data access. In the case of longer spying operations, the limitation period only begins after the last criminal act.
Special features of continued actions
In practice, spying on data often takes place over longer periods of time. If a perpetrator repeatedly and systematically accesses other people's data, this may constitute a continuous act. In such cases, the limitation period only begins to run after the last partial act.
Suspension and interruption of the limitation period
The limitation period can be suspended or interrupted by various circumstances. Suspension occurs when certain events temporarily delay the expiry of the limitation period without destroying the time that has already elapsed.
Interrupting acts, on the other hand, cause the limitation period to start running again. The most important interrupting acts include the filing of public charges, the opening of main proceedings and the issuing of a penalty order.
Practical challenges with the statute of limitations
Discovery of the deed
One of the biggest practical challenges when spying on data is that the crime is often only discovered long after it has been committed. Unlike physical crimes, spying on data often leaves no immediately recognizable traces.
Many companies and private individuals only become aware of data theft when the spied information is misused or when irregularities are discovered during security checks. By this time, a significant part of the limitation period may already have expired.
Civil law claims and their statute of limitations
Claims for damages
In addition to criminal prosecution, injured parties can also assert claims under civil law. According to Section 195 of the German Civil Code (BGB), claims for damages in tort expire three years after the end of the year in which knowledge of the damage and the tortfeasor was obtained.
The three-year period only begins to run when the injured party becomes aware of both the damage and the identity of the perpetrator. In the case of unknown hackers, the limitation period can therefore be considerably delayed.
Claims for compensation for pain and suffering
In the event of serious infringements of personal rights, claims for damages for pain and suffering may also arise. These are subject to the same three-year limitation period as other claims for damages.
The publication of intimate data or identity theft in particular can give rise to considerable claims for damages, which can be pursued independently of the criminal statute of limitations.
Practical tips for those affected
For injured parties
If you suspect that you have been the victim of data spying, you should act immediately. Collect all available evidence and document suspicious activities. The sooner you take action, the greater your chances of successful legal action.
File a criminal complaint, even if you do not yet know all the details of the crime. Once the investigation has begun, the statute of limitations can be interrupted and give you time to gather further evidence.
Also check your civil law claims. These can be asserted independently of criminal prosecution and are subject to different limitation periods.
For companies
Implement effective monitoring systems to quickly detect unauthorized data access. The earlier you discover a crime, the better your options for a legal response.
Document all security incidents carefully and keep relevant log files. These can be decisive in the subsequent prosecution of perpetrators and in determining limitation periods.
Develop clear procedures for dealing with cybersecurity incidents and train your employees accordingly. Quick and appropriate responses can minimize legal consequences.
Recommendations for action on statute of limitations issues
Checklist for acute cases
- Immediate preservation of evidenceDocument all available traces of the crime
- Chronological classification: Try to determine the period of the crime as precisely as possible
- Reimbursement of chargesImmediately file a criminal complaint with the competent police authority
- Expert advice: Get legal support for complex matters
- Civil law examinationCheck possible claims for damages in parallel
Preventive measures
Develop an awareness of the legal deadlines and systematically document safety-relevant events. Good documentation can be decisive in subsequent legal disputes.
Keep yourself regularly informed about new developments in cyber criminal law and adapt your security measures accordingly. The law is developing particularly dynamically in this area.
In the case of complex matters or international implications, you should seek expert legal advice at an early stage. The particularities of the statute of limitations in cybercrime require specialized knowledge.
Act in good time in the event of data spying
The statute of limitations for spying on data follows clear legal rules. The basic five-year period can be suspended or interrupted by various circumstances, which can result in considerably longer prosecution periods.
For those affected, it is crucial that they assert their rights in good time and keep an eye on both criminal and civil law options. The different limitation periods require a differentiated consideration of each individual case.
Increasing digitalization and the development of new forms of attack are constantly presenting the law with new challenges. Expert legal advice is therefore essential in cybercrime cases in order to make optimum use of all available legal remedies.
If you have been affected by data spying or have legal questions about limitation periods, you should not hesitate to seek professional help. Time rarely works in favor of the victim, so it is all the more important to act quickly and purposefully.
Frequently asked questions
The limitation period is generally five years from the end of the offense. In the case of continued acts, the period only begins to run after the last act.
The limitation period begins with the end of the criminal act. In the case of one-off accesses, this is the time of the unauthorized data access, in the case of longer spying operations after the last criminal act.
Yes, the statute of limitations can be interrupted, for example, by an investigation by the public prosecutor's office, the filing of charges or the issuing of a penalty order. After the interruption, a new limitation period begins.
The time of discovery has no influence on the start of the criminal statute of limitations. This runs from the end of the offense, regardless of when the offense is discovered.
Yes, civil law claims for damages and compensation for pain and suffering are time-barred three years after knowledge of the damage and the injuring party.
In the case of continued actions over a longer period of time, the limitation period only begins to run after the last partial action. Each new unauthorized access can restart the limitation period.
Secure all evidence immediately, document suspicious activities and file a criminal complaint. Seek expert legal advice in complex cases.
Yes, civil law claims can still exist even after the criminal offense has become time-barred, as they are subject to other limitation periods.
In cross-border cases, the statute of limitations generally continues to run, even if investigations are delayed due to international legal assistance. Only in special cases can a suspension occur.
Log files are decisive for the chronological classification of criminal acts and can be of great importance in determining the limitation periods and their interruption.