Unjustified seizure of electronic data protected by lawyer-client professional secrecy, violates privacy
JUDGMENT
Kırdök and others v. Turkey 03.12.2019 (no. 14704/12)
SUMMARY
In this case the applicants, who are lawyers, complained about the seizure of their electronic data by
the judicial authorities for the purposes of criminal proceedings against another lawyer (Ü.S.), who
had shared their office.
The Court found, in particular, that the seizure of the applicants’ electronic data, which were
protected by lawyer-client professional secrecy, and the refusal to return or destroy them had not
corresponded to a pressing social need or been necessary in a democratic society. The Court also
noted the lack of sufficient procedural guarantees in the law as interpreted and applied by the
judicial authorities.
PROVISION
Article 8
PRINCIPAL FACTS
The applicants, Mehmet Ali Kırdök, Mihriban Kırdök and Meral Hanbayat, Turkish nationals who
were born in 1954, 1958 and 1980 respectively and live in Istanbul, are lawyers.
In 2011 the Istanbul public prosecutor’s office instigated an investigation to detect and reveal the
secret communication channels operating between Abdullah Öcalan and his former organisation
(PKK – the Kurdistan Workers’ Party, an illegal armed organisation – and the KCK). In that context a
judge of the Istanbul Assize Court issued an order concerning the activities of Ü.S. (a lawyer), who
was arrested the next day at his home. The police conducted searches of the office which the latter
shared with the applicants. They made copies of all the data stored on the hard disk of the computer
used jointly by all the lawyers, as well as of a USB stick belonging to Ms Hanbayat. A representative
of the Istanbul Bar Association and an applicant were present during the search. The data seized by
the police were placed in a sealed bag.
Subsequently, the applicants appealed against the order issued by the Assize Court judge both as the
representatives of Ü.S. and in their own names. They requested, in particular, the restitution or
destruction of their digital data, arguing that those data did not belong to Ü.S., that they were
protected by legal professional secrecy and that they had been seized without any relevant order
being issued. The public prosecutor’s office submitted observations to the effect that since the data
in question had not yet been transcribed, it was impossible to ascertain their precise owners. The
Assize Court dismissed the applicants’ appeal on the grounds that the impugned order had been
issued in accordance with the law and the relevant procedure.
THE DECISION OF THE COURT…
Article 8 (right to respect for private and family life, as well as the home and private
correspondence)
The Court noted that the applicants, who were not the subject of the criminal investigation, argued
before the judicial authorities that the seized electronic data belonged to them and were covered by
lawyer-client professional secrecy. It also noted that in his search order the judge of the Assize Court
broadly indicated the scope of the search of the premises, stating that the aim of the operation was
to “gather evidence and seize items” potentially proving that the suspect (Ü.S.) had been involved in
activities within the terrorist organisation KCK/PKK. The order had not specified which concrete or
specific items or documents were to be found at the specified addresses, including the premises of
the applicants’ law firm, or how those pieces of evidence were relevant to the criminal investigation.
Thus, under the order, the authorities responsible for the investigation had been able, in general
terms, to examine all the digital data stored in the applicants’ offices, without worrying unduly that
they were searching the premises of a law firm which might house documents submitted by clients
to their legal representatives.
Furthermore, the broad scope of the order was reflected in the manner in which it had been
enforced. Even though a representative of the Istanbul Bar Association and an applicant had been
present during the search and the data seized had been placed in a sealed bag, no further special
measures had been adopted to protect them against interference with professional secrecy. Indeed,
there had been no mechanism for filtering electronic documents or data covered by professional
secrecy or any explicit prohibition of the seizure of data covered by such confidentiality during the
search. On the contrary, all the data on the hard disk of the computer jointly used by all the lawyers
working on the premises and on one USB stick had been seized.
Once the applicants had requested the return of the digital data, relying on the professional secrecy
of exchanges between lawyers and their clients, the judicial authorities had been under a legal
obligation promptly to assess the data seized and to return the data protected by such secrecy to
them or to destroy the data, as appropriate. However, domestic legislation and practice had been
unclear as to the consequences of any failure by the judicial authorities to honour that obligation.
The Assize Court had definitively refused to return or destroy the seized copies of the data, based on
reasoning which had merely mentioned the lawfulness of the searches conducted in the legal
offices, and had not reacted to the specific allegation of an infringement of the confidentiality of
exchanges between lawyers and their clients. It would appear that the Assize Court had implicitly
accepted the grounds put forward by the public prosecutor’s office in order to justify the refusal to
return the data seized, to the effect that since the data in question had not yet been transcribed, it
had been impossible to ascertain their precise owners. The Court took the view that not only was
such a ground of refusal not clearly prescribed by law, but also it was incompatible with the
substance of the professional secrecy protecting exchanges between lawyers and their clients. At
any event, it could not be concluded that the examination of the applicants’ request by the judicial
authorities had complied with the obligation to provide for especially strict verification of measures
relating to data covered by legal professional secrecy.
Lastly, the compensatory remedy (Article 141 of the Code of Criminal Procedure) referred to by the
Government was very different from an application for a declaration of nullity of an impugned
seizure, and would not have led to the return or the destruction of the copies protected by
professional secrecy.
Consequently, the measures imposed on the applicants (the seizure of their digital data and the
refusal to return or destroy them) had not corresponded to a pressing social need, had not been
proportionate to the legitimate aims pursued (prevention of disorder, prevention of criminal
offences and protection of the rights and freedoms of others), and had not been necessary in a
democratic society. There had therefore been a violation of Article 8 of the Convention.
In the absence of sufficient procedural guarantees in the relevant legislation as interpreted and
applied by the judicial authorities in the present case, the Court considered that the complaints
under Article 13 of the Convention covered the same ground as the complaint under Article 8 of the
Convention.
Just satisfaction (Article 41)
The Court held that Turkey was to pay each applicant 3,500 euros (EUR) in respect of non-pecuniary
damage and EUR 3,000 jointly in respect of costs and expenses.
