December 13, 2024
by Florian Van Tichelt
On the 6th of June 2024, the European Court of Human Rights (hereinafter: ‘the Court’) delivered a judgment in the case of Bersheda and Rybolovlev v. Monaco. In this case, the Court had to decide on a Monegasque criminal investigation in which a lawyer’s phone was perused by virtue of a judicial order. The Court found a violation of Article 8 of the European Convention on Human Rights (hereinafter: ECHR) since the search in the lawyer’s phone exceeded the investigative judge’s remit and the search was not accompanied by sufficient procedural safeguards to protect the professional secrecy of the lawyer concerned.
This judgment not only provides a number of interesting insights, but is also a good opportunity to provide a succinct overview of the Court’s case law on IT searches and seizures targeting lawyers.
Mrs Bersheda is a lawyer affiliated with the bar of Vaud, Switzerland. In the context of assisting her client in a judicial procedure, she recorded a conversation she had with T.R. for the purposes of collecting evidence favouring her client’s case. Subsequently, she delivered this audio recording to the Monegasque police, where a criminal investigation against T.R. was carried out. Following that, T.R. filed a complaint accusing Mrs Bersheda of having committed a criminal offence consisting of the violation of another person’s privacy, which is laid down in Article 308-2 of the Monegasque Criminal Code.
In order to exculpate herself, Mrs Bersheda hands over her smartphone to the investigators allowing them to examine the recording. In essence, the investigative judge only had to examine the authenticity and the content of the recording for proving the criminal offence which Mrs Bersheda had been accused of. Nonetheless, the judge decided to appoint an IT expert with the task of drawing up an extensive telecommunication report. The judicial order was drafted in very broad terms and did not include any limitations as to the data to be examined, nor to the scope of the investigation. This resulted in a selection of tens of thousands of messages spread over a period of more than three years. On top of that, the expert also gained access to deleted messages, which Mrs Bersheda had expressly removed from her phone in order not to jeopardise the confidentiality of the relations with her clients.
Although Mrs Bersheda initially decided herself to hand over her smartphone to the investigators, she did not agree with the overly extensive investigation conducted by the investigative judge. In essence, she denounced two distinct aspects of the criminal investigation directed to her. First, the investigative judge is said to have exceeded the confines of the criminal investigation and thus exceeding his remit. Second, the perusal of her smartphone, as carried out in this particular case, is said to be incompatible with the professional secrecy she enjoys as a lawyer.
First, the Court assesses whether the right to respect for private life as enshrined in Article 8 of the Convention was restricted at all. As a general rule, the Court reiterates that the collection, storage and use of information relating to telephone conversations, e-mails and other types of messages constitutes a restriction of the right to respect for private life in general and the right to respect for one’s correspondence in particular. Thus, the seizure and search of digital data extracted from a smartphone, as applicable in this case, falls within the scope of Article 8 ECHR.
The Court continues by stating that correspondence between a lawyer and his client deserves even a greater level of protection under Article 8 ECHR. The lawyer’s professional secrecy is essential and is considered to be the foundation of the relationship of trust necessarily existing between a lawyer and their client. Furthermore, the confidential character of this correspondence contributes to the proper and sound administration of justice. This extended level of protection, however, does not mean that the aforementioned fundamental rights cannot be restricted. Investigative authorities, like the investigative judge in the present case, are allowed to limit the right to respect for the correspondence of a lawyer with their client, but only if sufficient safeguards are implemented in the procedure applied. The Court emphasises that this protection does not only apply to domestic lawyers, but also to lawyers affiliated with a bar abroad, as is the case with Mrs Bersheda, who’s a member of the Swiss bar of Vaud.
Given the broadly worded judicial warrant ordering the search, the Court does not attach too much importance to the fact that Mrs Bersheda handed over her smartphone without any compulsion of the investigative authorities. According to the Court, this action was only intended to prove the lack of manipulation of the audio recording and thus its authenticity. The Court therefore acknowledges that Mrs Bersheda did not consent to the extensive criminal investigation as it was carried out by the appointed expert.
Second, the Court examines whether the impugned IT search was ordered and carried out in accordance with the law. In other words, the Court assesses whether the investigative measure at issue had a legal basis under Monegasque law. It is peculiar that the assessment is carried out in quite a substantiated manner. According to the Court, the legal basis not only has to exist, be accessible and foreseeable, but must also provide sufficient guarantees to safeguard the lawyer’s professional secrecy. In this case, the Monegasque legal basis by virtue of which the IT search was ordered did not provide any such guarantees. This, however, is not insurmountable for the Court. The flawed abstract legal basis can be remedied by the concrete manner in which the impugned investigative measure was ordered and carried out. The Court therefore examines whether the judicial warrant was reasonably limited in scope and whether the search carried out on the basis of this warrant had been accompanied with sufficient procedural safeguards to protect Mrs Bersheda’s professional secrecy.
As to the first point, the Court concludes that the judicial order was worded too broadly. The appointed expert’s margin of discretion to decide which information could be useful for the investigation was lacking limits to ensure that the judge’s remit was not exceeded. Moreover, the judicial warrant allowed for perusing the messages that were deleted by Mrs Bersheda, which is of course highly perilous considering Mrs Bersheda’s capacity as a lawyer and thus the related risks in terms of professional secrecy.
As to the second point, the Court considers it particularly problematic that the execution of the search was not accompanied by sufficient procedural safeguards to protect the lawyer’s professional secrecy. According to the Monegasque national judges – who had to decide on this case earlier – the investigated messages did not pertain to communication between Mrs Bersheda and her client, but to communication between Mrs Bersheda and third parties. Therefore, since professional secrecy was not at risk, the requirement of sufficient procedural safeguards did not apply. The Court strongly refutes this argument by asserting that the required procedural safeguards must be applied ab initio, i.e. before the content of the messages is being subject to investigation. After all, the procedural safeguards are intended to prevent investigative authorities from gaining access to messages covered by professional secrecy.
Considering the overly broad formulation of the judicial order and the absence of special procedural guarantees to protect professional secrecy, the Court comes to the conclusion that the right to respect for private life in general and the right to respect for one’s correspondence in particular have been violated in this case. The Court therefore concludes that there has been a violation of Article 8 ECHR.
For investigative authorities, smartphones are goldmines full of potentially incriminating information. This applies even more to the smartphone of a lawyer, which arguably is susceptible to containing potentially incriminating information covered by professional secrecy. Since lawyer-client confidentiality is a core principle of an effective right to legal assistance, the European Court of Human Rights attaches great value to professional secrecy and therefore assesses the cases in which investigative authorities attempt to set aside this principle under particularly strict scrutiny.
Just as in the annotated judgment, the Court seems to handle those cases predominantly under the umbrella of Article 8 ECHR. The collection, storage and use of information relating to telephone conversations, e-mails and other types of messages constitutes a restriction of the right to respect for private life in general and the right to respect for one’s correspondence in particular. Thus, seizing and searching digital data extracted from a smartphone falls undoubtedly within the scope of Article 8 ECHR. If the smartphone of a lawyer is concerned, the Court even affords a strengthened protection since this phone arguably contains information covered by professional secrecy and the perusal of this phone therefore entails risks with respect to the rights of defence enshrined in Article 6 ECHR. The confidentiality of the communications between a lawyer and their client is indeed the basis of the relationship of trust that must exist between that lawyer and their client and is furthermore the corollary of the right to legal assistance and the right against self-incrimination. In other words, the Court does not seem to handle those cases under the umbrella of Article 6 ECHR, but the possible impact of an infringement of professional secrecy on the rights of defence will lead the Court to assessing the possible violations of Article 8 ECHR more stringently.
In the annotated case, the Court asserted that the absence of a legal basis providing sufficient procedural guarantees to safeguard the lawyer’s professional secrecy can be compensated by the concrete manner in which the impugned investigative measure was ordered and carried out. This is an interesting point that the Court does not seem to make in every case. For instance, in the case of Petri Sallinen a.o. v. Finland, the Court ruled that the investigative measures taken were not in accordance with the law because of the mere absence of applicable regulations specifying with an appropriate degree of precision the circumstances in which privileged material could be subject to search and seizures (§ 92). The Court’s case law thus seems to diverge on this point.
As to the proportionality of the contested IT searches and seizures, the Court takes into account both general criteria applicable to IT searches and seizures in general, as specific criteria intended to protect the lawyer’s professional secrecy. This distinction is also reflected in the annotated judgment.
First, the Court takes into consideration various criteria that could be described as general, in the sense that they apply to IT searches and seizures in general, regardless of the person subject to the measure. Accordingly, the Court takes into account the seriousness of the crime, whether or not the investigative measure is based on reasonable suspicion and the scope of the impugned search and seizure. The latter is considered to be particularly important in cases involving lawyers since the breadth of the impugned investigative measures has an impact on related risks with respect to professional secrecy. Orders allowing for the search and seizure of all computers and data storage devices without any limitation are therefore hard to reconcile with the fundamental right to respect for private life (e.g. Robathin v. Austria, § 47 and §§ 51-52). In this regard, the Court acknowledged in multiple judgments that the use of key-word searches, with the key-words determined in the warrant allowing for the search, could be an effective method to keep the search within proportionate limits (e.g. Sérvulo & Associados – Sociedade de Advogados, RL a.o. v. Portugal, § 103 and Wieser and Bicos Beteiligungen GmbH v. Austria, § 59).
Second, the Court also requires the contested investigative measures to be accompanied by sufficient procedural safeguards specifically intended to protect the lawyer’s professional secrecy. In this regard, it is of the utmost importance to note that the Court does not necessarily require the lawyer-client confidentiality to be violated in the case at hand. As the Court also emphasised in the annotated case, the procedural safeguards must be applied before the content of the messages is being subjected to investigation. This implies that the Court from a very procedural point of view assesses whether there were sufficient procedural safeguards in place, rather than examining from a substantive perspective whether the investigative authorities in the concrete case laid eyes on privileged messages. In this respect the Court attaches great value to the presence of an independent observer with sufficient qualifications, such as a representative of the bar association, to control that messages covered by professional secrecy are being separated from other messages not protected by professional secrecy. Furthermore, the Court predominantly takes into account the presence of judicial oversight in the sifting procedure (e.g. Sérvulo & Associados – Sociedade de Advogados, RL a.o. v. Portugal, § 116), as well as whether or not the targeted lawyers are able to make comments during the sifting procedure (Särgava v. Estonia, §§ 106-108).
With the annotated judgment, the European Court of Human Rights confirmed its established case law on criminal investigations in connection with lawyers: they must be limited in scope and must be accompanied by sufficient procedural safeguards to protect the professional secrecy of the lawyer concerned. This judgment demonstrates once again the need for national legislators, and when specific procedures are lacking, investigative authorities, to act diligently when it comes to IT searches and seizures targeting lawyers.