Austria

[AT] Bundesrat Ratifies Council of Europe Cybercrime Convention

IRIS 2012-6:1/9

Lucie Weiand

Institute of European Media Law (EMR), Saarbrücken/Brussels

On 29 March 2012, the Austrian Bundesrat (upper house of parliament) ratified the Council of Europe Convention on Cybercrime with the aim of making criminal prosecution in the field of cybercrime more efficient.

The Convention on Cybercrime was adopted by the Committee of Ministers of the Council of Europe on 8 November 2001 and signed by Austria and some other states on 23 November 2001 (see IRIS 2001-10/3). It entered into force on 1 July 2004 and is now in force in 33 contracting states.

The Convention essentially harmonises the criminal substantive law elements of offences that must be incorporated into domestic law, and provides for criminal procedural law powers necessary for the investigation and prosecution of such offences. To this end, the competent authorities are given special powers. For example, they should be able to expeditiously preserve stored computer data. Here, Austria reserves the right to refuse a request for legal assistance with the preservation of computer data, apart from in cases of dual criminality. This reservation does not apply to the offences listed in Articles 2 to 11 of the Convention, i.e., offences against the confidentiality, integrity and availability of computer data and systems, computer-related offences, certain offences related to child pornography and copyright infringements. Harmonised rules in the field of international cooperation should also facilitate extradition and legal assistance in particular, in view of the dual criminality requirement.

Austria has already transposed the essential provisions of the Convention. A 24-hour point of contact is still to be set up in accordance with Article 35 of the Convention for the purpose of investigations, proceedings and the collection of evidence concerning the offences covered by the Convention.

The Cybercrime Convention was approved by the majority of Austrian Bundesrat members. Although, on the one hand, the protection of citizens and businesses from cybercrime through so-called hacking, for example, was stressed, various aspects were criticised also: there were complaints that the Convention was already more than ten years old and therefore did not take into account recent developments, including a new interpretation of the law. It was also unacceptable that serious crimes and illegal downloads were treated in the same way. Finally, some critics feared that the Convention’s provisions might be “excessively” transposed, leading to censorship and surveillance, particularly in view of the fact that it was being ratified at the same time as the entry into force of data retention laws in Austria (see IRIS 2011-6/7).