Geolocation and stalkerware against a partner (Arts. 197 and 197 ter CP)

Criminal defence in cases involving the installation of control, tracking or spying applications on a partner's phone without consent, with overlap with gender-based violence and the offence of stalking.

call91 078 65 74

Last updated: 22 June 2026

Defense Keys: Geolocation and stalkerware against a partner (Arts. 197 and 197 ter CP)

Installing a control, tracking or message-reading app on a partner's phone without their consent may constitute the offence of discovery and disclosure of secrets under art. 197.1 CP, punishable by imprisonment of one to four years and a fine of twelve to twenty-four months.
Disseminating, disclosing or transferring the obtained data or images to third parties is separately punishable by imprisonment of two to five years under art. 197.3 CP.
Where the data affected are sensitive, or the victim is a minor or a person with a disability requiring special protection, the penalties are imposed in their upper half under art. 197.5 CP.
Art. 197 ter CP separately punishes anyone who produces, acquires or facilitates to third parties computer programs designed to commit these offences, or access passwords.
Phone spying frequently arises in contexts of gender-based or domestic violence, which may trigger aggravating factors and the jurisdiction of the Courts on Violence against Women.
The defence requires verifying the chain of custody of the device, the computer forensic evidence and whether or not consent existed.

What conduct Arts. 197 and 197 ter CP punish

Installing control, geolocation or message-reading applications on a partner's phone without their consent —the phenomenon known as stalkerware— falls squarely within the offence of discovery and disclosure of secrets under article 197 of the Spanish Criminal Code. Article 197.1 CP punishes anyone who, in order to discover the secrets or breach the privacy of another and without their consent, seizes their papers, letters, e-mail messages or any other personal documents or effects, intercepts their telecommunications, or uses technical devices to listen to, transmit, record or reproduce sound or images, or any other communication signal. Installing an app that forwards WhatsApp messages, logs calls, captures screenshots or transmits the device's GPS position in real time fits fully within this conduct.

Article 197.2 CP extends protection to anyone who, without authorisation, seizes, uses or alters, to the detriment of a third party, reserved personal data recorded in files or on computer media. For its part, the article 197 ter CP separately sanctions the preparatory stage: it punishes anyone who, without due authorisation, produces, acquires for their own use, imports or in any way facilitates to third parties a computer program designed or adapted mainly to commit these offences, or a password, access code or similar data allowing access to an information system. In other words, the legislator brings the protective threshold forward and pursues whoever supplies the tools, not only whoever uses them.

Applicable penalties and aggravating factors

The basic offence under article 197.1 CP is punishable by imprisonment of one to four years and a fine of twelve to twenty-four months. If the offender disseminates, discloses or transfers the obtained data or images to third parties, article 197.3 CP provides for an autonomous penalty of imprisonment of two to five years. Article 197.5 CP is particularly relevant: where the conduct affects data revealing ideology, religion, beliefs, health, racial origin or sexual life, or the victim is a minor or a person with a disability requiring special protection, the penalties are imposed in their upper half; and article 197.4 provides for additional aggravations relating to the offender's status (those in charge of the files) or to the unauthorised use of the data. The article 197 ter CP, in turn, provides for imprisonment of six months to two years or a fine of three to eighteen months. Where the offence is committed through a legal entity, article 197 quinquies CP allows a fine of six months to two years to be imposed on it.

Overlap with gender-based violence and stalking

Spying on a partner's phone rarely appears in isolation. In contexts of gender-based or domestic violence, geolocation and the monitoring of communications are often the instrument of a pattern of control, which may trigger the jurisdiction of the Courts on Violence against Women and aggravate the criminal response. Where surveillance is persistent and seriously disrupts the victim's daily life, the offence of stalking under article 172 ter CP may also apply, punishing repeated surveillance, pursuit or seeking of physical proximity. For more on these related offences, see our pages on harassment and stalking (art. 172 ter CP) and on illegal access to data and computer systems.

Elements of the offence and lines of defence

The prosecution must establish the absence of consent of the device's owner, the intent to discover secrets or breach privacy, and the authorship of the installation or use of the software. In many proceedings the critical point is the computer forensic evidence: how the device was obtained, whether the chain of custody was respected, whether the forensic image is reliable and whether the detected software was actually installed by the accused. The defence may dispute the existence of prior consent, the shared ownership of the device or account, the absence of intrusive purpose in legitimate parental control or family-location tools, or the nullity of evidence obtained in breach of fundamental rights.

How to act and our intervention

Whether you are under investigation or have suffered this type of surveillance, the early intervention of a criminal lawyer is decisive. We analyse the police report, the expert evidence and the digital proof, assess the legal classification and design the most appropriate procedural strategy. Our firm, located at Velázquez 27, Madrid, offers specialist criminal defence in offences against privacy. You can contact us on 91 078 65 74 for an assessment of your case.

balance

Penalties & Consequences: Geolocation and stalkerware against a partner (Arts. 197 and 197 ter CP)

Type / Scenario	Criminal Penalty
Basic offence (art. 197.1 CP)	Imprisonment of one to four years and a fine of twelve to twenty-four months for seizing messages, intercepting telecommunications or capturing images or sound from a partner's phone without consent.
Dissemination and aggravations (arts. 197.3 and 197.5 CP)	Disseminating, disclosing or transferring the obtained data to third parties is punishable by imprisonment of two to five years (art. 197.3); and the penalties are imposed in their upper half if they affect sensitive data or the victim is a minor or a person with a disability requiring special protection (art. 197.5).
Facilitating programs (art. 197 ter CP)	Imprisonment of six months to two years or a fine of three to eighteen months for anyone who produces, acquires or facilitates to third parties spyware or access passwords to commit these offences.

* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.

shield_lock

Defense Strategy: Geolocation and stalkerware against a partner (Arts. 197 and 197 ter CP)

gavel01

Analysis of the computer forensic evidence

We review the forensic image of the device, the chain of custody and the reliability of the expert report to detect irregularities that may invalidate the proof of the spyware.

gavel02

Examination of consent and ownership

We examine whether prior consent existed, whether the device or account was jointly owned and whether the tool had a legitimate family-control purpose, as opposed to an intrusive use of privacy.

gavel03

Defence against aggravating factors and concurrences

We assess the application of arts. 197.3 and 197.5 CP, the possible overlap with gender-based violence and the stalking offence under art. 172 ter CP, and put forward the most favourable classification and the applicable concurrences.

Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide

Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.

Penalty Table: Cybercrime

Offence	Article	Description	Penalty
Illegal access to systems	Art. 197 bis	Unauthorised access breaching security measures	6 months – 2 years
Interception of data	Art. 197 bis.2	Intercepting non-public data transmissions	3 months – 2 years
Production/supply of hacking tools	Art. 197 ter	Creating or distributing tools designed for cybercrime	6 months – 2 years
Computer damage (basic)	Art. 264.1	Deleting, damaging or making data inaccessible	6 months – 3 years
Aggravated damage (critical infrastructure)	Art. 264.2	Affecting essential services or critical infrastructure	2 – 5 years prison
Cyber fraud (phishing)	Art. 249.1.a	IT manipulation to obtain unlawful transfer of assets	6 months – 3 years

Key Defence Strategies

IP Attribution Challenge

An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.

Chain of Digital Custody

Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.

Authorised Security Testing

Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.

Lack of 'Breaching Security Measures'

Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.

Key Case Law

Doctrina TSElements of illegal access (Art. 197 bis)

The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.

Doctrina TSRansomware as combined offence

The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.

Doctrina TSPhishing and the 'money mule' defence

In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.

gavel

Why Choose Us?

Need a criminal defense lawyer for this type of offense? Here's how we work:

check

Consent and expectation of privacyWhether or not the device owner consented is the core of the offence under art. 197.1 CP. Establishing prior consent, shared ownership or a non-intrusive purpose may exclude criminal liability.

check

Validity of the digital evidenceThe chain of custody of the phone, the regularity of the forensic image and respect for fundamental rights in obtaining the evidence determine its validity. A finding of evidentiary nullity can be decisive.

check

Legal classification and proportionalityDistinguishing the basic offence under art. 197.1 from the dissemination under art. 197.3, from the aggravations of art. 197.5 CP, from art. 197 ter and from concurrences with stalking under art. 172 ter is key to avoiding an over-classification of the facts.

workspace_premium

+15 Years of ExperienceTeam dedicated exclusively to criminal law before Spanish courts and tribunals.

support_agent

Direct AttentionYour case is handled directly by a senior lawyer of the firm.

Consult My Casearrow_forward

quiz

FAQs

Is it an offence to install a tracking app on my partner's phone without them knowing?expand_more

Yes. Installing an application that tracks the location, reads the messages or logs the calls of a partner's phone without their consent may constitute the offence of discovery and disclosure of secrets under article 197.1 CP, punishable by imprisonment of one to four years and a fine of twelve to twenty-four months.

What exactly does article 197 ter CP punish?expand_more

Article 197 ter CP sanctions anyone who, without authorisation, produces, acquires for their own use, imports or in any way facilitates to third parties a computer program designed mainly to commit these offences, or a password or access code to a system. The penalty is imprisonment of six months to two years or a fine of three to eighteen months.

Is the penalty aggravated because the victim is my partner or former partner?expand_more

Article 197.5 CP provides for the penalties to be imposed in their upper half in certain cases, such as where sensitive data are affected or the victim is especially vulnerable. In addition, the partner context may trigger the jurisdiction of the Courts on Violence against Women and aggravating factors specific to gender-based or domestic violence.

Can the stalking offence under article 172 ter CP also apply?expand_more

Yes. Where surveillance through geolocation or spyware is repeated and seriously disrupts the victim's daily life, the offence of stalking under article 172 ter CP may also be found, in concurrence with the offence against privacy.

What if the phone was in my name or jointly used?expand_more

Ownership of the device does not in itself authorise spying on the communications of whoever uses it. Nonetheless, shared ownership or consented use may be relevant to the defence. This is a case-by-case analysis that a criminal lawyer must assess in light of the specific circumstances.

How is it proved that someone installed spyware?expand_more

Usually through a computer forensic report on the device, identifying the app, its configuration and the exfiltrated data. The defence examines the chain of custody, the reliability of the forensic image and the attribution of the installation to the accused.

Are parental control tools an offence?expand_more

Parental control over minors, exercised proportionately and within parental authority, has a legitimate purpose distinct from spying on a partner. The key lies in the absence of consent and the intrusive purpose against an adult's privacy.

What penalties does a company that markets stalkerware face?expand_more

Where the offence is committed through a legal entity, article 197 quinquies CP allows a fine of six months to two years to be imposed on it, in addition to the penalties provided for in article 33.7 of the Criminal Code.

I have discovered that my phone is being spied on; what should I do?expand_more

You should preserve the device and the evidence without manipulating it, document what you have detected, and consult a criminal lawyer to assess filing a complaint and requesting a forensic examination. An orderly approach protects the validity of the evidence.

Where can I discuss my case with a criminal lawyer?expand_more

Our firm is located at Velázquez 27, Madrid, and offers specialist criminal defence in offences against privacy. You can contact us on 91 078 65 74 for an individual assessment of your matter.

We also serve

Madrid Alicante Marbella Seville Málaga Bilbao Zaragoza

View all locations →

listTable of Contents

shieldDefense Keys: Geolocation and stalkerware against a partner (Arts. 197 and 197 ter CP)

Installing a control, tracking or message-reading app on a partner's phone without their consent may constitute the offence of discovery and disclosure of secrets under art. 197.1 CP, punishable by imprisonment of one to four years and a fine of twelve to twenty-four months.
Disseminating, disclosing or transferring the obtained data or images to third parties is separately punishable by imprisonment of two to five years under art. 197.3 CP.
Where the data affected are sensitive, or the victim is a minor or a person with a disability requiring special protection, the penalties are imposed in their upper half under art. 197.5 CP.
Art. 197 ter CP separately punishes anyone who produces, acquires or facilitates to third parties computer programs designed to commit these offences, or access passwords.
Phone spying frequently arises in contexts of gender-based or domestic violence, which may trigger aggravating factors and the jurisdiction of the Courts on Violence against Women.
The defence requires verifying the chain of custody of the device, the computer forensic evidence and whether or not consent existed.

gavelElements of the Crime

check_circleAbsence of consentThe offence requires that the installation or use of the software be carried out without the consent of the owner of the device or of the intercepted communications.
check_circleIntrusive intentThere must be an intent to discover secrets or breach the partner's privacy, which distinguishes the offence from legitimate, consented family-location tools.
check_circleTypical conduct and technical meansSeizing messages, intercepting telecommunications, capturing images or sound, or accessing reserved data by means of technical devices or computer programs installed on the device.

gavelPenal Consequences

Basic offence (art. 197.1 CP)

Imprisonment of one to four years and a fine of twelve to twenty-four months for seizing messages, intercepting telecommunications or capturing images or sound from a partner's phone without consent.

Dissemination and aggravations (arts. 197.3 and 197.5 CP)

Disseminating, disclosing or transferring the obtained data to third parties is punishable by imprisonment of two to five years (art. 197.3); and the penalties are imposed in their upper half if they affect sensitive data or the victim is a minor or a person with a disability requiring special protection (art. 197.5).

Facilitating programs (art. 197 ter CP)

Imprisonment of six months to two years or a fine of three to eighteen months for anyone who produces, acquires or facilitates to third parties spyware or access passwords to commit these offences.

articleRelated Articles

linkRelated Services

account_treePrivacy & Confidentiality

Explore all practice areasarrow_forward

Do you need specialised legal assistance?

The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.

Contact Alonso Sala

Call: +34 91 078 65 74