This article was originally published in the schoenherr roadmap`10 - if you would like to receive a complimentary copy of this publication, please visit: http://www.schoenherr.eu/roadmap.

The Czech Republic has a new law heralding significant change in the punishment of cybercrime.

With its entry into effect on 1 January 2010, the new Act No. 40/2009 Coll. of the Criminal Code (the new Criminal Code) is designed to prosecute cybercrimes. The concept grew out of the Cybercrime Convention approved by the Committee of Ministers of the European Council in 2001 (the Convention), which the Czech Republic signed in 2005. However, 19 of the 46 signatories, including the Czech Republic, have yet to ratify it. The new Criminal Code also takes into consideration recent developments in information technology and the know-how of cybercriminals, heralding a significant shift in the prosecution of cybercrime in the Czech Republic.

Current regulations

Until now, Section 257a of the former Criminal Code contained only one provision which explicitly described and dealt with what could be called cybercrime. The subject matter of this paragraph was the protection of computer data stored on a carrier of information against intentional unauthorised alteration, destruction or unauthorised use, as well as the protection of computers (computer systems) from unauthorised interference.

International background

The new Criminal Code contains a more detailed definition of cybercrime. Its concept arises from the Convention, which defines cybercrimes as a collection of activities that the parties to the Convention should prosecute as criminal activities within the framework of their legal system. The Convention lists cybercrimes as: unlawful access, unlawful gathering of information, interference with data or systems, misuse of equipment, falsification of computer information, computer fraud, criminal acts connected with child pornography and criminal acts connected with the infringement of copyright and related rights.

Provisions of the new Criminal Code

The new Criminal Code, similar to the Convention, does not define cybercrimes as such, but rather as a collection of activities. Unlike the Convention, however, the new Criminal Code considers cybercrimes to be core activities relating to computers. It therefore includes child pornography and criminal acts connected with the infringement of copyright in other parts of the new Criminal Code. In Sections 230-232, the new Criminal Code prosecutes: (i) any unlawful access to a computer system or data carrier, (ii) acquisition and receipt of access equipment or codes for computer systems or other similar data and (iii) so-called "unauthorised use of stored data". These apply regardless of whether the trespasser had lawful access to the system.

Under Section 230 para. 2 of the new Criminal Code, "unauthorised use of stored data" consists of: (i) deletion or destruction, change, compression, lowering of quality or making data useless in any other way, (ii) falsification or change of entered data so as to make it appear genuine or (iii) unauthorised entry of data into the system.

The new Criminal Code has brought about another significant change. Unlike the former Criminal Code, in addition to prosecuting deliberate acts, in some cases the new Criminal Code also provides for prosecution of gross negligence. In this respect, the new Czech legal regulation of cybercrime goes beyond the requirements of the Convention and should lead to strong protection of interests in cyber security.

Legal consequences

Hacking through security installations or unlawfully accessing computer systems can be punished by a prison sentence of up to one year, the prohibition of related activities or the loss of property. A prison term of up to two years, the prohibition of related activities or the loss of property are the sanctions for unauthorised use of entered data.

The new Criminal Code stipulates more severe punishment, with prison terms of up to eight years for cases in which the unauthorised entry was gained by an organised group or if significant damage was caused or significant gains achieved.

In addition, there is special protection against the inducement of serious malfunctions in the activity of state administrations, local governmental agencies, courts or other bodies of official authority, as well as in the activity of legal or natural entities who are entrepreneurs.

The new Criminal Code takes into consideration recent developments in information technology and the know-how of cybercriminals, heralding a significant change in the prosecution of cybercrime in the Czech Republic.

This article was originally published in the schoenherr roadmap`10 - if you would like to receive a complimentary copy of this publication, please visit: http://www.schoenherr.eu/roadmap.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.