They Searched My Phone or Cloud Without Authorisation: Is the Evidence Excluded?
Last updated:
listIn this article
lightbulbKey Takeaways
- check_circlePhone and cloud require a specific judicial authorisation (588 sexies)
- check_circleA home-search warrant does not allow access to the phone
- check_circleA detainee's consent without safeguards is debatable
- check_circleUnlawful evidence = excluded (Art. 11.1 LOPJ), with knock-on effect
- check_circleAn IP identifies a connection, not a person
Quick answer
Searching a mass data storage device (phone, computer, tablet) and accessing an investigated person's cloud require a specific, reasoned and proportionate judicial authorisation (Arts. 588 sexies a-c LECrim): a home-search warrant is not enough, and consent given without information or a lawyer may be invalid. If access is obtained without that cover, the evidence may be excluded for breaching fundamental rights (Art. 11.1 LOPJ), with a possible knock-on effect on derived evidence.
In cases with digital evidence —computer fraud, hacking, disclosure of secrets, money laundering or any cybercrime— the case is often won or lost on a preliminary question: how the evidence was obtained. Access to an investigated person's phone, computer or cloud is subject to strict safeguards, and breaching them can lead to the exclusion of the evidence and of everything derived from it.
Searching a device requires a specific judicial authorisation
Since the 2015 reform of the Criminal Procedure Act, Arts. 588 sexies a) to c) LECrim govern access to the content of mass data storage devices. The essential rule is that authorisation to search a home does not automatically allow access to the phone or computer: a specific, reasoned and proportionate judicial decision is required, defining the scope of access. Art. 588 sexies c) extends that requirement to access to information stored in the cloud reached from the device.
Consent without safeguards is debatable
It is common for police to access the phone with the investigated person's 'consent'. But that consent is only valid if it is free, informed and given with safeguards. For a detainee, case law is especially demanding: consent obtained without clear information about its consequences or without legal assistance may be declared ineffective, leaving the search without legal cover.
Evidence exclusion (Art. 11.1 LOPJ)
Where access is obtained without valid authorisation, Art. 11.1 LOPJ comes into play: evidence obtained, directly or indirectly, in breach of fundamental rights has no effect. The exclusion may extend to derived evidence through the connection of unlawfulness, so that excluding an unlawful phone extraction can leave much of the prosecution case without support. This is why analysing the chain by which the evidence was obtained is one of the defence's first tasks.
IP, traffic data and attribution of authorship
A second front is the attribution of authorship. An IP address identifies a connection, not a person: shared WiFi networks, NAT/CGNAT, VPNs or simple use of the device by a third party break the link between IP and author. Moreover, disclosure of the traffic data retained by the operator requires judicial authorisation (Art. 588 ter LECrim). The defence can challenge both the lawfulness of obtaining that data and its real ability to identify a specific person.
Chain of custody of the electronic evidence
Finally, digital evidence is fragile and easily altered. The chain of custody —how the digital content was seized, cloned, hash-sealed and brought into the proceedings— must be documented. Gaps in that process, the absence of a forensic clone with integrity verification or the inability to rule out alterations all allow the reliability of the expert evidence to be challenged.
Defence with digital evidence at Alonso Sala
At Alonso Sala, a criminal-defence firm in Madrid (C/ Velázquez 27) with coverage throughout Spain, we analyse the lawfulness of device searches and the strength of digital evidence in each case, working with computer experts. Read more on our hacking and intrusion and cybercrime pages.
Frequently asked questions
Can they search my phone without a court order in Spain?expand_more
As a general rule, no. Accessing the content of a mass data storage device requires a specific, reasoned judicial decision (Art. 588 sexies LECrim). Authorisation to enter and search a home does not, by itself, allow access to the contents of the phone or computer.
I gave consent without a lawyer. Is it valid?expand_more
It is highly debatable. Consent to access the phone must be free and informed and, for a detainee, given with proper safeguards. Consent obtained without clear information or without legal assistance may be invalid and open the way to excluding the search.
If the search was unlawful, what happens to the evidence?expand_more
Evidence obtained in breach of fundamental rights has no effect (Art. 11.1 LOPJ). It may also drag down evidence derived from it through the doctrine of connection of unlawfulness. It is one of the most powerful defence avenues in cases with digital evidence.
Does an IP address prove it was me?expand_more
Not on its own. An IP identifies a connection, not a person: shared WiFi, NAT/CGNAT, VPNs or use of the device by a third party break that link. Disclosure of the operator's traffic data also requires judicial authorisation. Attribution of authorship must rest on sufficient evidence.
gavelDo you need criminal defense in this area?
We are criminal defense lawyers specializing in hacking & intrusion lawyers. We act urgently to protect your rights.