Legal Framework in Germany

This section mainly focuses on the differences between the Austrian law and the German law in regard to hacking. Overall the law in germany is more strict and the penalities are often higher.

Relevant Sections

Unauthorized Access to Data (§ 202a StGB)

German: Ausspähen von Daten

Definition: This provision deals with the criminal act of unauthorized access to particularly protected data.

Key Elements:

  • Unauthorized Access: Intentionally accessing data that is not intended for the individual and is specifically protected against unauthorized access.

  • Overcoming Access Protection: The access must involve circumventing or bypassing the security measures that protect the data.

  • Nature of Data: The data in question must be stored electronically, magnetically, or in any other form that's not directly perceptible. This also includes data that is being transmitted.

Penalties:

  • Offenders can face a prison sentence of up to three years or a monetary fine.

The focus of this provision is on the illicit access to data that's specifically safeguarded, emphasizing the illegal act of bypassing these protective measures. It ensures the protection of electronic and digital data from unauthorized breaches.

Interception of Data (§ 202b StGB)

German: Abfangen von Daten

Definition: This provision addresses the criminal act of intercepting data not intended for the perpetrator using technical means.

Key Elements:

  • Unauthorized Interception: Deliberately obtaining data for oneself or another person that is not intended for them by leveraging technical tools.

  • Data Source: The data must either be from a non-public data transmission or from the electromagnetic emission of a data processing system.

  • Nature of Data: The provision references § 202a Abs. 2, emphasizing that the data should be stored electronically, magnetically, or in any other manner that's not directly perceptible.

Penalties:

  • Offenders can face a prison sentence of up to two years or a monetary fine.

  • The penalty applies unless another provision stipulates a more severe punishment for the same act.

This section emphasizes the protection of electronic and digital data, particularly when it comes to illicit interception, ensuring the data's security and privacy.

Preparation of Unauthorized Data Access and Interception (§ 202c StGB)

German: Vorbereiten des Ausspähens und Abfangens von Daten

Note: This paragraph is also called the "Hacker Paragraph".

Definition: This section addresses the criminal act of preparing for the unauthorized accessing or interception of data as per § 202a and § 202b.

Key Elements:

  • Preparatory Actions: The article focuses on the creation, acquisition, sale, distribution, or other methods of making accessible:

    1. Passwords or other security codes that facilitate access to data (as referenced in § 202a Abs. 2).

    2. Computer programs specifically designed to commit the offenses mentioned in § 202a or § 202b.

Penalties:

  • Those found guilty under this section can face a prison sentence of up to two years or a monetary fine.

The essence of this section is to criminalize not just the act of unauthorized data access and interception, but also the preparations for such acts, reinforcing the importance of data security and privacy.

Differences to the Austrian law

The Austrian and German legal systems both criminalize unauthorized data access and hacking-related activities. Yet, there are differences in the way these actions are framed and punished under the laws of each country. Let's examine some of these differences:

Definition and Scope:

  • Austria:

    • Comprehensive approach covering different types of cybercrimes: unauthorized access, data damage, impairing systems, malicious software, digital fraud.

  • Germany:

    • Focuses on unauthorized data access, especially when data is particularly safeguarded.

Penalties:

  • Austria:

    • Varied penalties depending on severity: from 6 months for basic data impairment, up to 5-10 years for substantial financial loss or targeting critical infrastructure.

  • Germany:

    • Up to 3 years or fine for unauthorized data access (§ 202a). Up to 2 years or fine for creating/distributing hacking tools (§ 202c).

Special Provisions:

  • Austria:

    • Specific laws for non-cash payment methods, e.g., § 241h.

  • Germany:

    • Emphasis on creation and distribution of hacking tools (§ 202c).

Exemptions and Defenses:

  • Austria:

    • Exemptions for those who voluntarily prevent potential harm/damage from their actions.

  • Germany:

    • No explicit exemptions in provided sections.

Terminology and Emphasis:

  • Austria:

    • Emphasizes potential damage and impact: impairment of systems, financial loss, threats to critical infrastructure.

  • Germany:

    • Prioritizes the act of unauthorized access and breach of data privacy/security.

Resources:

  • https://www.gesetze-im-internet.de/stgb/

PreviousLegal FrameworkNextIntroduction

Last updated