Skip to content
AS
Alonso Sala
CRIMINAL LAWYERS
ES

Criminal Lawyers for Cyberbullying

Defense against cyberbullying, online harassment, and digital stalking charges.

Last updated:

Cyberbullying covers a broad set of conduct involving harassment, intimidation or persecution carried out through digital means: social media, messaging apps, email, forums, gaming platforms and streaming services. There is no offence specifically named "cyberbullying", so it is prosecuted through several pre-existing offences that may concur with one another according to the particular features of the conduct.

The main routes to liability are: the offence of stalking (Art. 172 ter CP) where the conduct is repeated and seriously alters the victim's daily life; threats (Art. 169 CP) where harm is announced; coercion (Art. 172 CP) where the aim is to impose conduct; offences against privacy and one's own image (Art. 197 CP), especially the subtype of Art. 197.7 CP for the non-consensual sharing of intimate images; offences against moral integrity (Art. 173 CP) where degrading treatment is present; libel and slander (Arts. 205 et seq. CP); and sexual offences where a sexual element is involved.

Forms of Cyberbullying

The most frequent forms include: school cyberbullying among minors, with the specific procedural regime of the juvenile jurisdiction; workplace cyber-mobbing, on the border between criminal and employment law; sextortion or blackmail with intimate images; repeated harassment on social media (Instagram, X, TikTok, Facebook) through fake profiles, mass tagging, humiliating comments or coordinated campaigns; messaging harassment (WhatsApp, Telegram, Signal); doxing or the publication of identifying personal data; swatting (false reports to provoke police action against the victim); and digital identity impersonation.

The Offence of Stalking (Art. 172 ter CP)

Article 172 ter CP punishes anyone who, insistently and repeatedly and without lawful authorisation, harasses a person by: watching, pursuing or seeking physical closeness; establishing unwanted contact through any means of communication; misusing their personal data; or attacking their freedom or property, or that of someone close to them. The conduct must seriously alter the development of the victim's daily life. The penalty is prison of 3 months to 2 years, aggravated in the specific cases of Art. 172 ter 2 and 3 CP (vulnerable victims, the partner context).

Evidence & Digital Proof

Evidence in these offences requires specific technical handling: certified screenshots with an intact timestamp and metadata; notarial records of digital content to preserve evidential integrity; IT expert reports on origin, authorship and authenticity; requests to service providers (social networks, operators) to obtain identification, IP addresses and logs; and the forensic imaging of devices. The defence must critically analyse the chain of custody of the digital evidence and the authenticity and integrity of the exhibits.

The Victim's Position & Private Prosecution

Victims of cyberbullying have the tools of the Victim Statute (Law 4/2015), including the option of acting as a private prosecution. They may request protective precautionary measures (a digital restraining order, a no-contact order, content removal), psychological support, legal aid in certain cases, and the claim for civil liability arising from the offence for non-material harm, therapy costs and, where appropriate, loss of earnings.

Defence Strategy

We build the defence of accused persons around: a discussion of the repetition and the serious alteration of daily life the offence requires; questioning material authorship where accounts were shared or impersonated; the full contextualisation of the exchanges; a discussion of the classification among the different possible offences; challenging the digital evidence; and the assessment of mitigating factors. We also act for victims as a private prosecution with the appropriate resources and strategy. We act before the Investigating Courts, the Courts on Violence against Women (where applicable), the Criminal Courts, the Juvenile Courts and the Provincial Courts.

balance

Penalties & Consequences: Cyberbullying

Type / ScenarioCriminal Penalty
Stalking (Art. 172 ter CP)Prison of 3 months to 2 years; the upper half where the victim is vulnerable or a current/former partner.
Threats & coercion (Arts. 169-172 CP)Prison that varies according to the seriousness of the threat or the coercion used.
Non-consensual intimate images (Art. 197.7 CP)Prison of 3 months to 1 year for sharing intimate images without consent.

* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.

shield_lock

Defense Strategy: Cyberbullying

gavel01

Repetition & Serious Alteration

Discussing whether the conduct met the repetition and 'serious alteration of daily life' the offence requires.<h3>Criminal procedure and competent court in cyberstalking</h3><p>The stalking offence under Article 172 ter of the Spanish Criminal Code is generally prosecuted on the victim's complaint, since its basic form requires a complaint by the injured person or their legal representative. The investigation falls to the Investigating Court of the place where the acts were committed; where the conduct takes place through telecommunications, pinpointing the place of commission can raise questions of territorial jurisdiction that are best addressed early.</p><p>Because the maximum penalty for the offence does not exceed five years' imprisonment, trial falls to the Criminal Court and the matter proceeds under the abbreviated procedure. The Provincial Court does not intervene unless the stalking concurs with other offences carrying a higher penalty, and the National High Court has no jurisdiction over these acts save in an express and exceptional connection. Identifying the correct court from the outset helps avoid nullities and delays.</p><h3>Digital evidence and the lawfulness of its obtainment</h3><p>Cyberstalking is usually proved through digital evidence: message screenshots, call logs, metadata, IP addresses, profiles and posts. The defence scrutinises the chain of custody and the authenticity and integrity of those materials, because a screenshot that can be altered or lacks integrity safeguards may carry diminished probative weight. A complete forensic image and an expert comparison are often decisive.</p><p>The State's obtaining of communications data is subject to the secrecy of communications under Article 18.3 of the Constitution and to the safeguards of Articles 588 bis a) and following of the Criminal Procedure Act, which require a reasoned judicial authorisation and proportionality. The search of mass data storage devices is governed by Article 588 sexies, with a specific judicial ruling. Any measure carried out without those safeguards may be void and may taint the derived evidence under the exclusionary rule.</p><h3>The boundary with neighbouring offences and concurrence</h3><p>Stalking under Article 172 ter is delimited against neighbouring offences that may concur with it. If the messages announce a serious harm, an offence of threats under Articles 169 to 171 may apply; unauthorised access to or disclosure of confidential data may constitute an offence of discovery and disclosure of secrets under Article 197, or even the computer-related form of Article 197 bis. Intense and repeated humiliation may shift the classification toward an offence against moral integrity under Article 173.</p><p>The non-consensual sharing of intimate images or recordings is punished under Article 197.7, which presupposes real material captured or obtained from the affected person. Where the image is a wholly synthetic deepfake generated with artificial intelligence, its fit within Article 197.7 is contested, because there is no real intimate image obtained from the victim; the classification may instead be redirected, depending on the case, to moral integrity, defamation or other offences. Pinning down the applicable offence and resolving the concurrence on sound technical grounds is central to the defence.</p><h3>Prescription and plea agreement</h3><p>The limitation periods are set by Article 131 of the Criminal Code according to the maximum penalty. Stalking under Article 172 ter, carrying imprisonment of three months to two years, prescribes after five years, the minimum period applicable to offences whose maximum penalty does not exceed five years. If, by concurring with more serious offences, the combined penalty exceeds five years without surpassing ten, the period rises to ten years. In continued conduct, time usually runs from the last act of stalking, which calls for careful examination of the chronology of events.</p><p>A plea agreement allows a penalty to be settled with the prosecution by acknowledging the facts, which can translate into a more measured criminal response and the avoidance of trial. It is not suitable in every case: it should be weighed only after analysing the strength of the evidence, the possible nullity of investigative measures, the presence of mitigating circumstances, and additional consequences such as restraining or no-contact orders. The decision must be deliberate and always informed by legal counsel.</p>

gavel02

Questioning Authorship

Challenging material authorship where accounts were shared, hacked or impersonated.

gavel03

Digital Evidence

Challenging the chain of custody and the authenticity of screenshots and online content.

gavel04

Full Context

Placing the exchanges in their complete context (mutual arguments vs one-sided harassment).

Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide

Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.

Penalty Table: Cybercrime

OffenceArticleDescriptionPenalty
Illegal access to systemsArt. 197 bisUnauthorised access breaching security measures6 months – 2 years
Interception of dataArt. 197 bis.2Intercepting non-public data transmissions3 months – 2 years
Production/supply of hacking toolsArt. 197 terCreating or distributing tools designed for cybercrime6 months – 2 years
Computer damage (basic)Art. 264.1Deleting, damaging or making data inaccessible6 months – 3 years
Aggravated damage (critical infrastructure)Art. 264.2Affecting essential services or critical infrastructure2 – 5 years prison
Cyber fraud (phishing)Art. 249.1.aIT manipulation to obtain unlawful transfer of assets6 months – 3 years

Key Defence Strategies

IP Attribution Challenge

An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.

Chain of Digital Custody

Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.

Authorised Security Testing

Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.

Lack of 'Breaching Security Measures'

Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.

Key Case Law

Doctrina TSElements of illegal access (Art. 197 bis)

The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.

Doctrina TSRansomware as combined offence

The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.

Doctrina TSPhishing and the 'money mule' defence

In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.

gavel

Why Choose Us?

Need a criminal defense lawyer for this type of offense? Here's how we work:

workspace_premium
+15 Years of ExperienceTeam dedicated exclusively to criminal law before Spanish courts and tribunals.
support_agent
Direct AttentionYour case is handled directly by a senior lawyer of the firm.
Consult My Casearrow_forward

Do you need specialised legal assistance?

The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.

call