Abusive Access to Computer Systems: Ruling No. 27900 of 2023 and the Dropbox Case

Ruling No. 27900 of February 22, 2023, by the Court of Cassation offers an important reflection on the topic of abusive access to computer systems, particularly concerning virtual storage spaces like Dropbox. This decision emphasizes how fundamental it is to identify the owner of the space and their “ius excludendi alios” (right to exclude others) from access, before an access can be qualified as abusive according to Article 615-ter of the Penal Code.

Legal Context

According to Article 615-ter, first paragraph, of the Italian Penal Code, abusive access to a computer or telematic system is a crime that requires clear identification of the person holding the right of access. The Court has established that, in the specific case, it is necessary to verify whether the Dropbox folder in question belonged exclusively to the defendants or to the company for which they worked.

Abusive access to a computer or telematic system – So-called "Dropbox" space – Offense under Article 615-ter, first paragraph, of the Penal Code – Identification of the owner of the space and their relative “ius excludendi alios” to access – Necessity – Existence – Case. Regarding abusive access to a computer or telematic system, the offense under Article 615-ter, first paragraph, of the Penal Code, charged in relation to the so-called "Dropbox" storage space, requires the identification of the owner of the space and their relative "ius excludendi alios" to access the aforementioned application. (Case in which the Court annulled the decision with referral, deeming it necessary to verify whether the so-called "dropbox" folder belonged exclusively to the defendants, who had created it and temporarily made it available to the company for which they worked, or belonged to the aforementioned company, given that, only in the latter case, their access to modify the account, by changing the telematic address, carried out after the termination of the employment relationship, could be considered abusive).

Implications of the Ruling

This ruling represents an important precedent for Italian jurisprudence, as it clarifies that the notion of abusive access cannot be applied in a generalized manner. It is essential to establish who has the right of access to virtual spaces and under what conditions of use. The Court's considerations emphasize the need for a detailed analysis of the specific situation, avoiding superficial interpretations.

• Identification of the space owner: who created the account?
• Temporary use of the space by third parties: what rights remain?
• Legal consequences of unauthorized access: what penalties are foreseen?

Conclusions

In conclusion, ruling No. 27900 of 2023 offers very relevant insights for those operating in the field of cybercrime law. The importance of precisely determining the owner of a computer system is crucial for the correct application of the law. Companies, in particular, must pay attention to how they manage virtual spaces and what access rights they grant to their employees, to avoid incurring serious legal consequences.