In a recent ruling, the Argentine Criminal Court of Appeals dismissed a complaint brought on charges of digital theft on the understanding that the alleged facts do not amount to a crime under Argentine law.

A private company filed a criminal complaint against a former HR manager, accusing him of misappropriating confidential information. The complaint alleged that the defendant had downloaded digital files with employee payroll information, which he later sent from his corporate email to his personal accounts.

The complainant asserted that the alleged facts amount to the crime of theft (Section 162 of the Criminal Code), and could eventually amount to the crime of unlawful access to a protected server (Section 153 bis of the Criminal Code). However, the Court of First Instance considered that the factual background presented by the complainant does not fall within the scope of any criminal definition under Argentine law.

Both the private complainant and the Public Prosecutor challenged the decision on appeal. After reviewing the case, the Criminal Court of Appeals confirmed the decision and ruled out any criminal activity on the part of the defendant.

In so deciding, the Court of Appeals highlighted that the definition of theft requires a displacement of the stolen assets, so that the original owner is deprived of his or her property. In this case, however, the defendant downloaded a copy of the files in question, meaning that the company never lost control over its digital data. Therefore, the Court of Appeals ruled that the facts under consideration do not meet the requisite elements of a theft claim.

As regards Section 153 bis, the Court of Appeals emphasized that that this criminal definition requires an intentional bypassing or hacking of network security mechanisms. However, at the time that the files in question were downloaded, the defendant -then HR manager- was indeed authorized to access and examine all information pertaining to company employees. Therefore, the Court of Appeals held that the defendant´s conduct did not entail an unauthorized access within the meaning of Section 153 bis.

The case exposes a significant loophole in Argentine criminal legislation, which could expose digital information to unlawful insider manipulation.