SITTIG LAW Law Firm Blog

Spying on data Statute of limitations

The statute of limitations for spying on data is generally five years from the end of the offense. However, it can be suspended or interrupted by certain circumstances. Those affected should secure evidence and act in good time in order to effectively enforce their criminal and civil claims.
Contents

The most important facts at a glance

Why the statute of limitations is relevant when spying on data

The digital age brings with it new challenges for the protection of personal and business data. For those affected and potential perpetrators alike, the question of the statute of limitations is of crucial importance. The statute of limitations determines until when criminal prosecution is possible and when civil claims expire.

Understanding the legal framework is of great importance for both victims and companies. While victims need to know how long they can assert their rights, companies need clarity about the possible long-term legal consequences of data breaches.

Legal basis for spying on data

The offense according to § 202a StGB

Spying on data is regulated in Section 202a of the German Criminal Code (StGB), while data alteration is regulated in Section 303a of the StGB. § Section 202a of the Criminal Code covers the unauthorized provision of access to data that is stored or transmitted electronically, magnetically or otherwise not directly perceptible and that is not intended for the perpetrator.

The criminal provision protects the confidentiality of data and the interests of the authorized parties in controlling their information. It covers all types of electronically stored data, regardless of whether it is personal, business or other information.

Penalty range and classification

Spying on data is punishable by a prison sentence of up to three years or a fine. It is an offense within the meaning of Section 12 StGB, as the minimum sentence is less than one year. However, longer limitation periods may apply in connection with other criminal offenses. This is particularly relevant if spying on data serves as a preparatory act for other offenses.

Limitation periods for spying on data in detail

Basic limitation period

According to Section 78 of the German Criminal Code, prosecution of offenses punishable by imprisonment of more than one year and up to five years is time-barred after five years. As spying on data is punishable by up to three years' imprisonment, the five-year limitation period applies.

This period generally begins to run when the criminal act is completed. In the case of single acts of access, this is the time of the unauthorized data access. In the case of longer spying operations, the limitation period only begins after the last criminal act.

Special features of continued actions

In practice, spying on data often takes place over longer periods of time. If a perpetrator repeatedly and systematically accesses other people's data, this may constitute a continuous act. In such cases, the limitation period only begins to run after the last partial act.

Suspension and interruption of the limitation period

The limitation period can be suspended or interrupted by various circumstances. Suspension occurs when certain events temporarily delay the expiry of the limitation period without destroying the time that has already elapsed.

Interrupting acts, on the other hand, cause the limitation period to start running again. The most important interrupting acts include the filing of public charges, the opening of main proceedings and the issuing of a penalty order.

Practical challenges with the statute of limitations

Discovery of the deed

One of the biggest practical challenges when spying on data is that the crime is often only discovered long after it has been committed. Unlike physical crimes, spying on data often leaves no immediately recognizable traces.

Many companies and private individuals only become aware of data theft when the spied information is misused or when irregularities are discovered during security checks. By this time, a significant part of the limitation period may already have expired.

Civil law claims and their statute of limitations

Claims for damages

In addition to criminal prosecution, injured parties can also assert claims under civil law. According to Section 195 of the German Civil Code (BGB), claims for damages in tort expire three years after the end of the year in which knowledge of the damage and the tortfeasor was obtained.

The three-year period only begins to run when the injured party becomes aware of both the damage and the identity of the perpetrator. In the case of unknown hackers, the limitation period can therefore be considerably delayed.

Claims for compensation for pain and suffering

In the event of serious infringements of personal rights, claims for damages for pain and suffering may also arise. These are subject to the same three-year limitation period as other claims for damages.

The publication of intimate data or identity theft in particular can give rise to considerable claims for damages, which can be pursued independently of the criminal statute of limitations.

Practical tips for those affected

For injured parties

If you suspect that you have been the victim of data spying, you should act immediately. Collect all available evidence and document suspicious activities. The sooner you take action, the greater your chances of successful legal action.

File a criminal complaint, even if you do not yet know all the details of the crime. Once the investigation has begun, the statute of limitations can be interrupted and give you time to gather further evidence.

Also check your civil law claims. These can be asserted independently of criminal prosecution and are subject to different limitation periods.

For companies

Implement effective monitoring systems to quickly detect unauthorized data access. The earlier you discover a crime, the better your options for a legal response.

Document all security incidents carefully and keep relevant log files. These can be decisive in the subsequent prosecution of perpetrators and in determining limitation periods.

Develop clear procedures for dealing with cybersecurity incidents and train your employees accordingly. Quick and appropriate responses can minimize legal consequences.

Recommendations for action on statute of limitations issues

Checklist for acute cases

  1. Immediate preservation of evidenceDocument all available traces of the crime
  2. Chronological classification: Try to determine the period of the crime as precisely as possible
  3. Reimbursement of chargesImmediately file a criminal complaint with the competent police authority
  4. Expert advice: Get legal support for complex matters
  5. Civil law examinationCheck possible claims for damages in parallel

Preventive measures

Develop an awareness of the legal deadlines and systematically document safety-relevant events. Good documentation can be decisive in subsequent legal disputes.

Keep yourself regularly informed about new developments in cyber criminal law and adapt your security measures accordingly. The law is developing particularly dynamically in this area.

In the case of complex matters or international implications, you should seek expert legal advice at an early stage. The particularities of the statute of limitations in cybercrime require specialized knowledge.

Act in good time in the event of data spying

The statute of limitations for spying on data follows clear legal rules. The basic five-year period can be suspended or interrupted by various circumstances, which can result in considerably longer prosecution periods.

For those affected, it is crucial that they assert their rights in good time and keep an eye on both criminal and civil law options. The different limitation periods require a differentiated consideration of each individual case.

Increasing digitalization and the development of new forms of attack are constantly presenting the law with new challenges. Expert legal advice is therefore essential in cybercrime cases in order to make optimum use of all available legal remedies.

If you have been affected by data spying or have legal questions about limitation periods, you should not hesitate to seek professional help. Time rarely works in favor of the victim, so it is all the more important to act quickly and purposefully.

Frequently asked questions

The limitation period is generally five years from the end of the offense. In the case of continued acts, the period only begins to run after the last act.

The limitation period begins with the end of the criminal act. In the case of one-off accesses, this is the time of the unauthorized data access, in the case of longer spying operations after the last criminal act.

Yes, the statute of limitations can be interrupted, for example, by an investigation by the public prosecutor's office, the filing of charges or the issuing of a penalty order. After the interruption, a new limitation period begins.

The time of discovery has no influence on the start of the criminal statute of limitations. This runs from the end of the offense, regardless of when the offense is discovered.

Yes, civil law claims for damages and compensation for pain and suffering are time-barred three years after knowledge of the damage and the injuring party.

In the case of continued actions over a longer period of time, the limitation period only begins to run after the last partial action. Each new unauthorized access can restart the limitation period.

Secure all evidence immediately, document suspicious activities and file a criminal complaint. Seek expert legal advice in complex cases.

Yes, civil law claims can still exist even after the criminal offense has become time-barred, as they are subject to other limitation periods.

In cross-border cases, the statute of limitations generally continues to run, even if investigations are delayed due to international legal assistance. Only in special cases can a suspension occur.

Log files are decisive for the chronological classification of criminal acts and can be of great importance in determining the limitation periods and their interruption.

Hamburg location
Head office
Martinistrasse 11
20251 Hamburg
Phone: +49 (0) 40 808 125 550
Fax: +49 (0) 40 808 125 559
Kassel location
Branch office
Motzstrasse 1
34117 Kassel
Phone: +49 (0) 561 510 053 80
Fax: +49 (0) 561 510 053 99
Frankfurt location
Branch office
Oeder Weg 11
60318 Frankfurt am Main
Phone: +49 (0) 69 710 471 070
Fax: +49 (0) 69 710 471 079
SITTIG LAW
Lawyer.
Specialist lawyer for criminal law.
Specialist lawyer for IT law.

[email protected]
Hamburg location
Head office
Martinistr. 11
20251 Hamburg
Tel: +49 (0) 40 808 125 550
Fax: +49 (0) 40 808 125 559

Contact form