The new Spanish Criminal Code entered into force on July 1st, 2015. Besides creating a Compliance Programme in order to exempt legal entities from being held criminally liable, the new law affects the IT sector by setting forth the following modifications:
Sexting: The new article 183 ter punishes with a penalty of up to three years' imprisonment those who contact children under the age of 16 through the Internet, the phone or any other information technologies and propose an encounter with sexual intentions. It is now a crime to establish such contact in order to obtain pornographic material showing minors.
- The use of telecommunications terminal equipment without the consent of the owner and causing the latter financial damage is a crime. The amount of the damage is hereby only taken into account in order to calibrate the penalty. This is punishable with a fine (article 256).
- New article 264 defines as a crime deleting, damaging, deteriorating, altering or rendering inaccessible computer data, computer programs or electronic documents belonging to a third party and the Criminal Code modification increases the maximum sentence to up to three years' imprisonment.
A new aggravated form is added, in which the penalty may reach up to five years' imprisonment in the event that the crime either affects a large number of computer systems or the computer system of a critical infrastructure (such as a central element to the maintenance of vital functions of a given society, health, security, protection and economic and social well-being) or entails a serious threat to the security of the State, the European Union or an EU Member State.
- New article 264 bis establishes a penalty of up to three years' imprisonment for severely hindering or interrupting the functioning of an information system without authorisation; this shall be a crime in the following cases:
- Whenever the aforementioned conducts are performed.
- Entering or transmitting data.
- Destroying, damaging, rendering useless, deleting or substituting a computer, telematics or electronic information storage system.
The use of personal data from a third party to access the system or to win the trust of a third party entitled to such access is construed as an aggravating circumstance.
- According to article 264 ter, it is now a crime with a penalty of up to two years' imprisonment to produce, acquire for use or provide to third parties, with the intent of committing the crimes described in the previous sections:
- A computer program created for the commission of the aforementioned crimes.
- A computer password, access code or similar data which allows for the complete or partial access to an information system.
Hate mail: The Criminal Code reform establishes a higher penalty (up to 4 years' imprisonment) when hatred and humiliation messages to groups or persons on the grounds of racism, anti-Semitism, sexual orientation, disability, etc. are sent through the Internet or any other electronic means.
The law states that in those cases the Judge shall order the destruction of the means in which the messages are contained. Furthermore, when these contents have been shared through a website or any information society service, the website and the service will be blocked.
Finally, as far as the aforementioned Compliance Programme is concerned, the new Criminal Code establishes certain requirements that need to be met. Mainly, adopting a compliance programme (encompassing the elements described in article 33 bis 5) supervised by a company's body or individual with authorised powers of initiate and control. The law states that in those cases where the officers or the employees have committed a crime by intentionally violating the Compliance Programme and the Compliance officers have not neglected their duties of supervision, surveillance and control, the company will be exempted from criminal liability for the crimes committed (including corruption offences) by its officers and employees.
For the full reform of the Criminal Code, please click here.