Why wiping someone else’s hard drive is illegal (what the law says)

You can’t legally wipe someone else’s hard drive in Spain without clear lawful authority — doing so is very likely a criminal offence (and creates civil/data‑protection liability). Below I explain why, the likely crimes and penalties, and what to do instead (if you’re the victim). I will not give any instructions on how to carry out destructive acts.

Why wiping someone else’s hard drive is illegal (what the law says)

  1. Unauthorised access to a computer/system — accessing another person’s device or system without permission is an offence under Article 197‑bis of the Spanish Penal Code. That covers gaining access to a system or remaining in it against the will of the owner. Blanco Tovar Abogados
  2. Computer/data damage (destruction or making data inaccessible) — deliberately deleting, destroying or rendering someone else’s data or programs inaccessible is covered by the delitos de daños informáticos (Article 264 and related provisions). If the deletion is “grave” or produces significant harm, the law provides for prison sentences. Conceptos Jurídicos+1
  3. Other related offences — depending on circumstances, there may also be offences for discovery/revelation of secrets (private communications), interception of communications (Article 197 and 197‑bis variants), or aggravated forms if images/sexual content are involved. Separate administrative liability under data‑protection law (AEPD/GDPR) can also apply. Conceptos Jurídicos+1

Typical penalties (what you can expect)

  • Access offences (Art.197‑bis): imprisonment and/or fines; typical statutory ranges are up to a couple of years depending on the paragraph and severity. Blanco Tovar Abogados
  • Damage to data (Art.264): where data are deleted/damaged in a serious way, penalties commonly include prison from around 6 months up to several years; aggravated penalties and higher fines apply if the consequences are especially serious (profit motive, organised group, large loss). Conceptos Jurídicos+1
  • Administrative sanctions (AEPD/GDPR): if personal data are improperly deleted or processed, the AEPD can open procedures and impose fines or orders to remediate. Cases show organisations can be sanctioned for unlawful deletion of personal data. ECIJA+1

When (if ever) wiping can be lawful

There are narrow lawful contexts — for example, the device owner authorises secure erasure, or an employer acting within lawful policies and legitimate grounds on corporate devices, or a judicial/police order authorising seizure/forensic wiping. Absent clear legal authority or consent, wiping someone else’s drive is unlawful. Always confirm legal authority before taking any destructive action. Garante Privacy+1

If you’re the victim (someone wiped your drive)

  1. Do not try to re‑use/repair the device — preserve it as evidence.
  2. Collect what evidence you can (logs, emails, messages, witnesses about the incident).
  3. File a denuncia (criminal complaint) with Policía Nacional / Guardia Civil (Grupo de Delitos Telemáticos) — they can investigate computer crimes and, where needed, order forensic analysis. Rapid reporting helps. Fiscal.es+1
  4. Consider civil claims for material and moral damages and seek an injunction if data were published or distributed.
  5. If personal data were affected, also consider a complaint to the AEPD (GDPR/data‑protection route). The AEPD can investigate and impose administrative remedies/fines. AEPD+1

If you want, I can draft a short denuncia template you could adapt to file with the police, include the legal articles to reference, or help you find a local Spanish lawyer who specialises in cybercrime/data protection.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.