Cyber identity fraud in Spain

Cyber identity fraud is becoming increasingly common, and our Spanish lawyers often receive inquiries on the crime. In a 2019 study of Spanish internet users, around 6% of respondents answered that they have been victims of identity theft. We wrote this article to inform you what cyber fraud is, how to avoid it, and steps you can take if you fall victim to this crime.

What qualifies as cyber identity fraud in Spain?

In Spanish penal code, fraud is defined as “with intent to profit, uses sufficient deceit to cause another individual to err, inducing him or her to commit an act of disposition to the detriment of him or herself or a third party.” Also, the law specifies that computer fraud carries the same punishment, computer fraud being defined as “the unauthorized transfer of any personal asset to the detriment of a third party”.

Therefore, cyber identity fraud is the transfer of the personal asset of identity. Although the Spanish penal code does not specifically protect against cyber identity fraud, article 18-4 states that the use of information technology cannot be used to demean the honor and respect of private citizens. Additionally, articles 197-2 and 197-3 punish the use, modification, and unauthorized access of personal data.

Cyber identity fraud is not specifically defined in Spanish penal code, but identity fraud is. A defendant would use other laws that imply protection against cyber identity fraud. To launch a successful lawsuit you must take legal action against multiple of the following crimes; misuse of information technology, theft of civil identity, and libel, slander, or threat. A lawsuit that combines these legal actions will result in a greater likelihood of receiving damages from the identity fraud. In contrast, a lawsuit against only one identity-fraud related crime will result in a misdemeanor, making it more difficult to receive damages for the fraud.

What are the punishments?

As cyber identity fraud is not specifically defined in Spanish penal code, punishments vary depending on the nature of the case, and our Spanish lawyers can give you more information on the punishment for specific cases of identity fraud.

Article 401, On identity fraud, states that if the fraud results in a theft of identity used to act on behalf of the victim, such as taking out a loan using someone else’s identity, the punishment can range from 3 months to 6 years.

In the case of unauthorized access of personal data, in article 197, the punishment can range from imprisonment between 1 to 4 years and a fine lasting between 12 and 24 months.

Additionally, if the personal information is shared to a third party, the punishment increases to imprisonment between 2 to 5 years.

However, if an individual shares this information, with knowledge of its unlawful origin, but did not personally steal the data, the punishment ranges from imprisonment between 1 and 3 years and a fine of between 12 and 24 months.

If the personal data stolen involves the victim’s gender, sexual identity, religion, health, or if the victim is disabled or a minor,the punishment may be imprionment of between 4 and 7 years.

What are the main examples of cyber identity fraud?

Because personal information can be used for many purposes, there are many different examples of identity fraud. The type of cyber identity fraud our Spanish lawyers see most often is fraud for financial gain.

Piñera del Olmo

 Aribau 114, entlo 2a
 08036 Barcelona

 Phone: +34 93 514 39 97

 Fax: +34 93 127 07 66