Budapest Convention

Cross‑border cyber/intrusion cases between the UK and Spain are handled through international cooperation — mainly the Budapest Convention, Mutual Legal Assistance (MLA) channels and police cooperation (Europol/Interpol/Eurojust), plus bilateral arrangements — but since Brexit some EU tools (like the European Investigation Order) no longer apply to the UK, so investigations often rely on MLA requests and direct police-to‑police cooperation. Portal+1

Below is a clear, practical explanation of how the law deals with things like hacking routers, intercepting Internet traffic, or installing/listening devices and hidden cameras when one person is in the UK and the victim or device is in Spain — with what actually happens in practice and what you should do if you’re a victim.

1) Who has jurisdiction?

  • Territorial principle: the country where the wrongful conduct or its effects occur usually has primary jurisdiction. If the device/recording or the person harmed is in Spain, Spanish authorities will normally investigate and prosecute. If the attacker sits in the UK but targeted a Spanish device, both countries can be involved (Spain for the harm, UK for the suspect). Portal

2) Which international tools make cooperation possible?

  • Budapest Convention on Cybercrime: a global framework that harmonises offences and makes cross‑border evidence exchange and cooperation easier. Both the UK and Spain are parties, and it is often the legal backbone for requests about computer data and network logs. Portal
  • Mutual Legal Assistance (MLA): when police need coercive measures (searches, seizure of servers, subscriber data, interception authorisations) they usually send a formal MLA request to the other state’s central authority. The UK and Spain handle MLA under post‑Brexit arrangements (including provisions in the EU–UK Trade and Cooperation Agreement and bilateral cooperation), but MLA is typically slower and more formal than direct police liaison. 5SAH+1
  • Operational police cooperation: Europol, Eurojust, and INTERPOL channels (and direct police-to-police contact) are used for case coordination, urgent preservation of data and investigative assistance. Eurojust guidance explains how to request assistance from the UK in practice. Eurojust+1

3) How an investigation typically works (step‑by‑step)

  1. Victim report to local police (Spain): Spanish police (Policía Nacional / Guardia Civil — cyber units) open an investigation, seize local evidence (hardware, logs) and identify what foreign evidence they need (e.g., UK ISP logs, server provider data). Portal
  2. Spanish authority makes an MLA request / uses Budapest Convention channels: to obtain subscriber data, server logs, or compel action in the UK. If urgency exists, officers can use established cooperation channels for quicker preservation requests. Portal+1
  3. UK authorities act on the request: the UK central authority (Home Office / CPS liaison / National Crime Agency depending on case) assesses the request, obtains required judicial authorisations under UK law (e.g., Investigatory Powers Act for lawful interception), and then produces the material or executes measures if permitted. Note: interception powers in the UK require strict legal authorisations; foreign requests must meet UK legal standards. Legislation.gov.uk+1
  4. Evidence transfer and prosecution: once evidence is gathered, it is transferred under MLA and used in the Spanish prosecution (or UK prosecution if the suspect is prosecuted there). Coordination through Eurojust/Europol often helps synchronize arrests and preserve admissibility of evidence. Eurojust+1

4) Practical realities & limitations (what slows things down)

  • No EIO from UK after Brexit: the European Investigation Order (fast EU evidence tool) can’t be used between the UK and EU now; that means some evidence‑gathering is slower because it uses MLA rather than EIOs. Expect formalities and time (though urgent preservation requests can sometimes be fast). GOV.UK
  • Different legal thresholds: UK and Spanish laws have different standards for interception, warrants and data retention; a request can be denied or narrowed if it doesn’t meet the requested state’s legal test. Legislation.gov.uk+1
  • Evidence admissibility: investigators must preserve chain‑of‑custody and follow legal processes (both states’ rules) so evidence will be admissible in court. Improperly obtained evidence may be excluded. Faculty of Law

5) If you’re the victim — concrete steps to take (Spain ↔ UK cases)

  1. Report immediately to Spanish police (Policía Nacional / Guardia Civil — cybercrime unit). Give them all logs, timestamps, IPs, router logs and any suspicious messages. Spanish police will know when they need UK assistance. Portal
  2. Preserve evidence: screenshots, router logs, camera firmware logs, external drives, and any suspicious emails. Don’t alter devices; if possible switch devices to airplane mode and keep them powered for seizure.
  3. Report in the UK too (if you suspect the attacker is there): Action Fraud / local UK police can accept reports that help UK investigators identify suspects and coordinate with Spanish authorities. This speeds cooperation. GOV.UK
  4. Contact platforms and service providers: ask hosting providers, social platforms or phone/ISP companies to preserve logs (they often have emergency preservation processes). Provide police case numbers so providers prioritise requests.
  5. Consider AEPD/GDPR complaints if personal data were captured or shared — that can trigger administrative action in Spain. better-internet-for-kids.europa.eu+1
  6. Get legal/cyber‑forensics help: a Spanish lawyer experienced in cybercrime and a forensics expert can prepare evidence packets that speed MLA requests and protect admissibility.

6) Special note on interception, covert devices and hidden cameras

  • Installing listening devices or hacking routers to intercept communications is typically criminal in Spain (Articles on discovery of secrets / privacy) and in the UK (various offences and strict interception rules). Both states treat such conduct seriously and will cooperate to investigate and prosecute. Evidence of remote access from the UK can trigger UK warrants or device seizures if the suspect is identified. better-internet-for-kids.europa.eu+1

7) Helpful authorities & frameworks (where to push for action)

  • Spain: Policía Nacional, Guardia Civil — file a denuncia and ask for the cyber‑crime unit / Grupo de Delitos Telemáticos. AEPD for data‑protection complaints. Portal+1
  • UK: Action Fraud (report), National Crime Agency liaison, and UK central MLA authorities for formal requests. Eurojust/Europol if the case is complex or urgent. GOV.UK+1

Quick summary (practical takeaways)

  • Cross‑border hacking/listening device cases are investigated through MLA and Budapest Convention channels, supported by police cooperation. Both Spain and the UK will usually cooperate — but post‑Brexit the process can be formally slower than when EU instruments (like the EIO) were available. Portal+1
  • Report quickly, preserve evidence, involve your local police and platforms, and get legal/forensic help — those steps materially improve the chance investigators in both countries can act. Portal+1

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.