The ruling of the Criminal Chamber of the Supreme Court number 735/2024, dated 12/07/2024, has resolved a key issue regarding the crime of business secret disclosure by establishing that it is a crime of anticipatory consummation, where the mere act of appropriation aimed at discovering the business secret is sufficient. Thus, gaining knowledge of the secret belongs to the post-offense phase. The crime is committed even if the secret cannot be discovered afterward, for example, if the offender is unable to decipher the keys used by the company to protect such a secret.
Legal Context of the Crime of Business Secret Disclosure: Spanish Penal Code, Article 278
Article 278 of the Spanish Penal Code governs the crime of discovery and disclosure of business secrets. It penalizes anyone who, with the intention of uncovering a business secret, appropriates data, documents, IT supports, or other objects containing confidential information. The disclosure of such secrets to third parties constitutes an aggravated form of the crime.
Offense Type and Protected Legal Asset
The crime of business secret disclosure aims to protect a company’s competitiveness by safeguarding the information it considers strategic and keeps confidential from competitors. The protected legal asset is, therefore, the company’s competitive capacity, as well as the integrity of its commercial secrets, which may include financial information, client lists, business strategies, and other strategically valuable data.
Ruling No. 735/2024
In the case resolved by the ruling, the defendant, an IT worker who had previously worked for the affected company, accessed confidential information without authorization, including client lists, financial balances, and billing documents. The defendant later offered this information to a competitor in exchange for financial compensation and prepared to deliver it, stored on a USB device. The police intervened before the competitor could download the information.
Determination of the Crime’s Consummation
The ruling focuses on the moment when the crime of business secret disclosure is consummated, emphasizing that the mere delivery of the device containing the confidential information is sufficient to consummate the crime. It is not required for the information to be processed or used by the third party, but rather, it is enough that the defendant ceded control of the data to the recipient.
Supreme Court Considerations
The Supreme Court based its decision on the fact that the crime of secret disclosure is one of anticipatory consummation, meaning it is completed with the mere act of appropriation or transfer of data, regardless of its subsequent use or download. This approach is supported by doctrine, which considers the delivery of the information support sufficient, given the nature of this crime as one of concrete danger, which does not require the actual occurrence of damage to the company’s competitive capacity.
Delivery as the Moment of Consummation
The ruling confirms that the simple transmission of the device, without the need for its exploitation by the recipient, is sufficient for the crime to be considered consummated. The crime’s aim is the transfer of data to a third party, and the fact that the device was not downloaded does not remove the defendant’s intent or the inherent risk of their conduct.
Subjective Elements of the Crime: Intent and Crime’s Purpose
The subjective element of the crime of business secret disclosure requires intent, that is, the knowledge and will to disclose the business secret to a third party without the owner’s authorization. In the case of the ruling, the Court determined that the defendant acted with full awareness that the information did not belong to them and that its disclosure could harm the company’s competitiveness.
Obtaining and Transferring Business Secrets
The Court found that the defendant took advantage of their position to collect confidential data, despite being obligated to keep it secret. The transfer of this data to a competitor demonstrated a clear intention to benefit a third party at the expense of the affected company, which aggravated the situation from a moral and professional ethics perspective.
Relevant Jurisprudence and Doctrine: Jurisprudential Interpretation of Article 278 of the Penal Code
The Supreme Court has reiterated in several rulings the importance of safeguarding business secrets. Its doctrine has clarified that the crime is consummated when the secret falls outside the control of its owner. This is interpreted as a mechanism to protect the company’s interests without requiring actual or quantifiable damage since the risk to competitiveness is enough to constitute the crime.
Relevant Precedents
Among the precedents from the same Chamber are rulings 864/2008 and 451/2019, which address similar crimes and emphasize that control over confidential information and unauthorized access are key elements for configuring the crime. These rulings highlight that the infringer’s intent to jeopardize the company’s competitiveness is a critical component for consummation.
Doctrine on the Crime of Danger
Doctrine considers that the crime of business secret disclosure is a concrete danger crime, meaning it focuses on the risk that the offender’s conduct creates for the company, rather than on the actual outcome of the offense. The mere possibility that the information could be used improperly by a third party is sufficient for the protected legal asset to be compromised.
Implications for the Protection of Business Information: Preventive Measures and Complementary Legislation
Companies must adopt adequate security and confidentiality measures to protect their business secrets. This includes both technical measures (such as the use of secure storage devices and data encryption) and legal measures, such as including confidentiality clauses in contracts and training employees on their data protection obligations.
Regulatory Framework in Spain
The Penal Code, in its articles 278 and 279, lays the foundation for penalizing these crimes and is complemented by the Organic Law on Data Protection and Guarantee of Digital Rights, which strengthens data protection in the business sector. The combination of these regulations provides a robust framework for prosecuting actions that endanger business competitiveness through unauthorized access to confidential information.
The Importance of Jurisprudence in Law Application
This type of ruling plays a fundamental role in interpreting business crimes, as it clarifies key concepts such as the crime’s consummation, the relevance of intent, and the scope of protection granted to business secrets. Companies and their legal advisors must remain vigilant to these jurisprudential developments to adjust their data protection practices in accordance with the prevailing judicial interpretation.
Conclusion
The Supreme Court ruling number 735/2024 establishes an important precedent in the application of the crime of business secret disclosure, confirming that the mere delivery of a device containing confidential information is sufficient to consummate the crime. This interpretation effectively protects business secrets and ensures that companies can maintain their competitiveness in an environment where confidential information is a valuable asset. The doctrine on dangerous crimes, applied in this ruling, underscores the Spanish legal system’s commitment to protecting business knowledge in the digital economy.
