Categories
Uncategorized

Computer searches in Romania: how to protect your digital data and what you can do in practice

This guide explains how prosecutors and police search computers, phones and cloud accounts in Romania, what warrants should contain and how forensic imaging is used. It provides step-by-step suggestions for preserving privileged or confidential data, minimising business disruption and later contesting overbroad or improperly executed searches.

1. Why computer searches matter today

By 2025 almost every “serious” criminal case has a digital component. Mobile phones, laptops, tablets, e‑mail accounts, WhatsApp or Telegram messages, social media chats – all of these can become sources of evidence. For DIICOT, DNA and ordinary prosecutors’ offices, a computer search is often the step that radically changes the dynamics of a case.

From the perspective of the person targeted, a computer search is among the most intrusive measures: we are no longer dealing only with objects, but with fragments of your life – intimate conversations, personal photos, business documents, discussions with your lawyer, your digital diary. That is why the Code of Criminal Procedure tries to place this measure within a strict framework, with (at least in theory) guarantees for private life.

This article has a double aim:
to explain, in clear language, what a computer search is and how it actually works;
to give you practical tools – questions, checklists, scenarios – that you and your lawyer can use if your phone, laptop or online accounts are subject to a computer search.

2. Legal definition and where computer searches are regulated

The starting point is Article 168 of the Romanian Code of Criminal Procedure. It defines a computer search as a procedure for examining, discovering, identifying and collecting evidence stored in an IT system or on a data storage medium, by using appropriate technical means and procedures, so as to ensure the integrity of the information.

You can consult the current text of Article 168 CCP on legal platforms such as Lege5.ro – Article 168 CCP or coduri.juridice.ro – Article 168 CCP.

In the same section of the Code you will also find Article 168¹, which provides that a computer search may be carried out by specialised police officers, in the presence of the prosecutor or the criminal investigation body, and not only by “specialists” formally attached to judicial bodies.

It is important to understand that a computer search is a distinct evidentiary procedure from a home search or a body search. It targets digital content – data stored on or accessible through a device or an online account – and not just the physical “box” (the phone or laptop as an object).

3. When a computer search may be ordered: key conditions

During the criminal investigation phase, the judge of rights and liberties may order a computer search at the request of the prosecutor, where discovering and gathering evidence requires examining a computer system or data storage medium (Article 168 paragraph (2) CCP).

In practical terms several essential conditions must be met:
there must be a reasonable suspicion that an offence has been committed;
it must be likely that the computer system (phone, laptop, server, cloud account) contains relevant evidence for that offence;
this evidence cannot be obtained as effectively through a less intrusive measure (the principles of necessity, subsidiarity and proportionality).

Think of the computer search as the “last resort” – used when other, softer tools are no longer sufficient.

A quick checklist of three key questions to ask yourself when you see a computer search warrant:

  1. 1. What specific offence is being investigated and what is the link with my device or account?
  2. 2. What type of data are they looking for (time period, types of files, conversations, documents)?
  3. 3. Why is a computer search necessary instead of simply requesting specific records from a service provider or asking for particular documents?

Legal scholarship has repeatedly underlined that, given the high level of interference with private life, computer searches should be ordered exceptionally and with detailed justification for their necessity and proportionality.

4. Who requests and who decides on a computer search

Procedurally, the structure is essentially as follows:

  • the prosecutor files a reasoned application with the judge of rights and liberties;
  • the application is examined in chambers, without summoning the parties, with the mandatory participation of the prosecutor (Article 168 paragraph (4) CCP);
  • the judge admits or dismisses the application by a ruling; the ruling is not subject to appeal (Article 168 paragraph (7) CCP).

For the person targeted this means they have no opportunity to make submissions before the warrant is issued. The main control will generally occur later, in the preliminary chamber (when the legality of evidence is examined) or through other, subsequent challenges.

In practice it is crucial for the defence to analyse carefully both the prosecutor’s application and the judge’s ruling: jurisdiction, description of facts, justification of necessity, clear identification of the IT systems covered by the warrant.

5. What can actually be searched: devices, accounts, cloud

A computer search is not limited to “the office desktop”. Under Article 168 CCP, it may cover, for example:

  • mobile phones (smartphones), tablets, laptops, desktop PCs;
  • external hard drives, USB sticks, memory cards;
  • physical or virtual servers, NAS units, network equipment;
  • e‑mail accounts (Gmail, Yahoo, Outlook and so on);
  • social media accounts (Facebook, Instagram, TikTok, X/Twitter etc.);
  • messaging accounts (WhatsApp, Telegram, Signal, Messenger);
  • “the cloud” in the broad sense (Google Drive, iCloud, Dropbox, OneDrive, dedicated servers).

In the current digital environment, the boundary between “device” and “cloud” is increasingly blurred: a phone may be little more than an interface for data physically stored on servers in other countries. In practice judicial authorities often combine a computer search with requests to service providers (under mutual legal assistance frameworks).

A PRACTICAL SCENARIO: your phone is seized during a home search.

1. The phone is first seized as an object, under the home search warrant.
2. Later, the prosecutor asks the judge, by a separate application, to authorise a computer search of the phone and of any associated accounts.
3. Based on the computer search warrant the IT specialist copies the relevant content (sometimes even the full image of the device) and then starts the actual analysis.

6. How a computer search is carried out in practice

The Code of Criminal Procedure does not go into technical detail: it refers to “appropriate technical means and procedures” and to the obligation to ensure data integrity. In practice the work is usually divided into two stages:

  • preserving data integrity – copies (forensic images) of the media are created and then sealed;
  • analysis – the IT specialist works on the copy rather than the original, in order to avoid altering data.

Article 168 paragraphs (9)–(10) CCP expressly allow copies to be made where seizing the devices containing the data would seriously disrupt the activities of the person concerned (for example by physically removing servers that a company depends on to function).

Legal commentary has raised many questions about how well these safeguards work in practice – from the precise moment at which relevant data are selected, to the limits of the warrant and the risk of a “fishing expedition” through the entire contents of a phone or server.

7. Rights of the suspect or accused during a computer search

One sensitive point in the current regulation is the right of the person concerned to be present during the computer search. Article 168 paragraph (11) CCP states that the search of a computer system or data storage medium must be carried out in the presence of the suspect or accused, and that the provisions on home searches (Article 159 paragraphs (10)–(11)) apply accordingly.

Summarised, the minimum rights you have are:

  • to be informed that a computer search is to be carried out on your device or account;
  • to be brought to the place where the search is carried out (if you are detained or arrested) or to be invited to attend, where feasible;
  • to be assisted by your lawyer, who can make comments and objections;
  • to request that your observations be written into the official report.

A practical problem arises when a computer search is ordered at a stage where the investigation is still formally “in rem” – that is, without anyone having yet been formally declared a suspect. Legal writers have pointed out that this can be used to circumvent safeguards regarding the presence of the person concerned, which raises serious questions under Article 8 ECHR (right to respect for private life).

From a defence perspective it is vital to check:
the exact moment when the computer search was ordered;
whether at that moment the authorities already had concrete information about your identity;
whether, in all fairness, you should already have been granted suspect status with the associated rights.

8. The computer search warrant: mandatory elements and traps

Article 168 paragraph (6) CCP sets out what the judge’s ruling authorising a computer search must contain. These are not mere formalities – they mark the legal boundaries of what the authorities are allowed to do.

The ruling should include at least:

  • the name of the court;
  • the date, time and place of issue;
  • the name, surname and capacity of the judge issuing the warrant;
  • the period during which the warrant is valid and the activity must be carried out;
  • the purpose of the computer search;
  • the computer system or data storage medium to be searched and, where known, the name of the suspect or accused.

When you receive a copy of the warrant, check immediately:

  • is the device or account clearly identified (or are they listed specifically)?
  • is there a time-frame for the search to be carried out?
  • is the purpose described – what is being sought and in relation to which offence?
  • is your name or your company’s name mentioned? If not, was the warrant issued purely “in rem”? What does that mean for the safeguards you benefit from?

9. The computer search report: the document that records everything

At the end of the computer search the authorities must draw up an official report. Article 168 paragraph (13) CCP lists its mandatory elements.

In essence the report should contain:

  • the name of the person from whom the computer system or data storage media were seized, or whose system is being searched;
  • the name of the person who carried out the search;
  • the names of the persons present during the search;
  • a description and list of the computer systems or data storage media covered;
  • a description and list of the activities carried out (copying, keyword searches, filtering by time period etc.);
  • a description and list of the data discovered during the search;
  • the signature of the person who carried out the search;
  • the signatures of the persons present (including you and your lawyer).

For the defence this report is just as important as the warrant: it shows whether the authorities have stayed within the limits of the ruling, whether procedural safeguards were respected and whether there are grounds for arguing that certain evidence was obtained unlawfully.

10. Limits of the computer search and the risk of a “fishing expedition”

A modern smartphone can contain years of digital life involving dozens or hundreds of people. If the warrant refers to a single offence and a specific time frame, the logical question is: how deeply are the authorities allowed to dig into the rest of the content?

Article 168 paragraph (8) CCP tries to answer part of this by providing that, if during the search the authorities discover that the sought data are contained in another computer system or storage medium accessible from the original system, the prosecutor must immediately order that those data be preserved and copied and must urgently seek an extension of the warrant.

Typical problems highlighted by commentators include:
very vague warrants (“all data existing on the phone/laptop”);
copying the entire content followed by a broad search for any incriminating material;
using the data to investigate other offences than those initially specified, without effective oversight of proportionality.

In the preliminary chamber the defence may argue that the warrant is excessively broad, that its limits were exceeded or that there were no effective safeguards when selecting relevant data. In some cases such objections can lead to the exclusion of certain items of evidence or even to a finding that the computer search itself was unlawful.

11. How computer searches interact with other measures (home searches, body searches, technical surveillance)

Computer searches rarely occur in isolation. Most often they are combined with other evidentiary measures:

Home searches – where the device is seized from a dwelling. The conditions and rights of the person concerned are examined in detail (in Romanian) in the article “Percheziția domiciliară – cum mă pot apăra?” on maglas.ro.

Body searches – where the phone or memory stick is found on your person and seized as a result of a body search. A detailed guide on your rights in such situations (in Romanian) is available in the article “Percheziția corporală – ce drepturi am?”.

Technical surveillance – interception of communications, real-time access to computer systems and other forms of monitoring are governed by Articles 138 et seq. CCP and involve partly different rules and safeguards. In practice a computer search may complement and deepen what technical surveillance has already captured in real time.

12. Frequently asked questions about computer searches

12.1. Am I obliged to disclose my phone or laptop password?

The Code of Criminal Procedure does not currently contain an explicit obligation for a suspect or accused to disclose device passwords or encryption keys. Reality, however, is more nuanced.

On the one hand the authorities are entitled to use technical means to bypass or break protections (including by calling on external specialists). On the other hand the privilege against self‑incrimination and the right to remain silent are highly relevant: compelling a person to disclose a password that would lead directly to incriminating evidence raises serious concerns under this privilege.

Refusing to reveal a password is not, in itself, a separately defined criminal offence. Nevertheless it may complicate your relationship with the authorities, and the concrete consequences depend heavily on the facts. In practice the question “do I give them the password or not?” should always be discussed with your lawyer, based on the specific context.

12.2. Can my private conversations with other people be used against me?

Yes. In principle any conversation (SMS, WhatsApp, Facebook Messenger, e‑mail and so on) relevant to an alleged offence may be used as evidence, provided it was obtained in accordance with the law. The real issue is not the type of app, but the legality of the computer search and respect for the warrant’s limits.

Certain areas are particularly sensitive – for example your conversations with your lawyer or with journalists – where additional rules on professional secrecy and freedom of expression come into play. Where computer searches target a lawyer’s systems or the IT infrastructure of a media outlet, the level of protection should, quite legitimately, be much higher.

12.3. “Are they allowed to copy my entire phone and keep it indefinitely?”

Article 168 CCP allows copies to be made where seizing the original media would seriously disrupt the activities of the person concerned. The copy then serves as a potential source of evidence – but in principle its use should be limited to the purpose for which the warrant was issued and to the time frame being investigated.

In reality, once a full forensic copy has been created, there is always a temptation to explore the data more broadly – for other offences or for periods unrelated to the original warrant. This is precisely why subsequent controls (preliminary chamber proceedings, exceptions of illegality) are so important.

12.4. “What if I’m a company – what do I risk when facing a computer search?”

For companies a computer search involves a double risk:
criminal exposure (potential allegations of tax evasion, corruption, computer fraud and so on);
reputational and operational risk (business interruption, access to commercially sensitive data, strain in contractual relationships).

Preventive measures are no longer a luxury – they are a necessity: clear internal policies, proper data segregation, robust backups, and written protocols for reacting in case of a search (who is in charge, which documents are immediately sent to the company’s lawyers, how every operation carried out by the authorities is documented).

13. Practical steps for the first 48 hours after a computer search

If your phone, laptop or other devices have been seized and a computer search is being carried out on them, the first 48 hours are crucial from a defence strategy standpoint. Some concrete steps:

  • Ask for copies of the computer search warrant and of the computer search report;
  • Immediately write down a detailed chronology of events (who came, at what time, what you were told, who was present, which devices were seized);
  • Draw up, as comprehensively as possible, a list of the types of data stored on the devices (conversations, documents, accounts, data belonging to third parties), so that your lawyer can assess the potential impact;
  • Identify the most sensitive areas: discussions with lawyers, journalists, confidential business documents, employees’ personal data;
  • Speak to a lawyer specialised in criminal law and criminal procedure as soon as possible and send them all documents and notes;
  • Avoid “negotiating” directly with the prosecution service about the content of the devices, without a clear strategy agreed with your lawyer.

Depending on the circumstances your lawyer may advise filing requests and objections in the preliminary chamber, contesting the legality of the warrant, invoking breaches of the right to private life under the Convention and, where appropriate, considering an application to the European Court of Human Rights.

14. Conclusions and important disclaimer

A computer search is perhaps the most intrusive evidentiary measure provided for in the Code of Criminal Procedure: it allows the state to enter the memory of your devices, your conversations, your documents. For that reason the law tries to cage it within a strict framework: prior judicial authorisation, a clear limitation of the scope of the search, presence of the suspect or accused, involvement of an IT specialist, a detailed official report.

In practice, however, there are many situations where these safeguards remain partially theoretical. This is what makes a fast, carefully planned reaction by the person concerned so important: meticulous documentation of every stage, immediate consultation with a lawyer, and full use of the available control mechanisms (preliminary chamber, exclusion of illegally obtained evidence, applications to European courts where appropriate).

This article is for information purposes only and does not constitute legal advice. Real‑life situations can be much more nuanced than the examples used here. If you are or have been targeted by a computer search, you should seek legal advice as soon as possible so that a defence strategy tailored to your specific situation can be built.

15. Sources and further reading

Romanian Code of Criminal Procedure (consolidated 2024–2025 version) – synthetic version available on the SNPPC website (Romanian).

Article 168 CCP – computer searches and access to a computer system – Lege5.ro and coduri.juridice.ro.

Article 168¹ CCP – computer searches by specialised police officers – coduri.juridice.ro – Article 168¹ CCP (Romanian).

Paula Ciorea, “Considerații asupra percheziției informatice. Search and seizure of digital evidence”, Revista Penalmente Relevant no. 1/2017 – full‑text PDF (Romanian/English abstract).

G. Zlati, “Critici punctuale privind amendamentul referitor la modificarea art. 168 alin. (2) cod procedură penală (Percheziția informatică)” – article on penalmente.eu (Romanian).

I.D. Apachiței, “Incidența drepturilor fundamentale în procedura percheziției” – PDF (Romanian).

Guide on administering evidence in criminal proceedings – National Institute of Magistracy (INM) – section on computer searches (Romanian).

European Court of Human Rights – HUDOC database, case‑law on computer searches and private life – hudoc.echr.coe.int.

Related articles on maglas.ro (Romanian): “Percheziția corporală – ce drepturi am?” and “Percheziția domiciliară – cum mă pot apăra?” – body searches and home searches.

 

 

Exit mobile version