Computer

Term and Definition: Computer in the legal sense

Ein Computer is generally understood as an electronic data processing system for processing and storing data. From a legal perspective, the term computer encompasses any device that processes, stores, transmits, and outputs information based on programmable computational operations. Legal definitions can be found, among others, in criminal law, data protection law, copyright law, as well as IT security law.

According to Section 202a (2) of the German Criminal Code (StGB), any device used for the automated processing of data is, for example, considered a computer. The term is often used synonymously with calculator or data processing system, and includes both individual hardware components and complex networks.

Legal Frameworks

Computers in Criminal Law

Protection of Computer Systems

The legislature protects computer systems against unauthorized access, manipulation, and data misuse. Key regulations in this context are in particular:

• Section 202a StGB (Data Espionage): This includes unauthorized access to specially protected data that is not intended for the perpetrator and is processed or stored electronically. Any type of computer counts as a target system.
• Section 303a StGB (Data Tampering)/Section 303b StGB (Computer Sabotage): The protected objective is the functioning and integrity of computers and their data.
• Section 263a StGB (Computer Fraud): This provision protects the property of others by criminalizing the manipulation of data processing operations by means of computers.

How a computer is technically equipped (server, workstation, embedded system) is irrelevant for the application of these provisions; what matters is the suitability for automated data processing.

Evidentiary Aspects

Electronic content created or processed by computers is subject to evidence collection and IT forensics. The securing and evaluation of such data is subject to strict legal requirements, especially regarding data protection and the integrity of evidence.

Computers in Data Protection Law

Computer systems are central elements of data protection law. According to the General Data Protection Regulation (GDPR), every computer is regarded as a ‘processing unit’ on which personal data can be processed.

Requirements for Data Security

Article 32 GDPR requires data controllers to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes protection against unauthorized access to computer systems, for example through encryption, access restrictions, and logging.

Reporting Obligations in Case of Security Incidents

If a computer falls victim to a data protection incident (e.g., hacking, data loss), there is an immediate obligation to report and notify the supervisory authority, as well as, depending on severity, the data subjects.

Computers in Copyright Law

Protection of Hardware and Software

Copyright law protects computer software (programs) as ‘computer programs’ pursuant to Sections 69a et seq. UrhG and in part also databases and graphical user interfaces. Hardware is only protected in certain cases by design law or patent law.

Usage and License Rights

The lawful use of computers generally requires a valid usage authorization for the installed software. Reproduction, distribution, and public accessibility of computer programs are not permitted without a license. The scope of protection remains relevant even in the context of cloud computing.

Computers in IT Security Law

Obligations and Standards under the IT Security Act

The IT Security Act and subsequent regulations require operators of so-called ‘critical infrastructures’ to take appropriate measures to protect their computer systems. Other companies, such as those in the telecommunications industry, are also required to comply with security standards (Section 109 TKG).

Liability for Security Vulnerabilities

Those responsible for computer systems must ensure their security to prevent attacks, data losses, and system outages. In case of proven negligence or failure to implement protective measures, liability claims may arise.

Computers and Contract Law

Purchase, Leasing, and Maintenance of Computers

The purchase contract for a computer is subject to the provisions of the German Civil Code (BGB). Particular importance is attached to liability for material defects and warranty rights. For leasing or rental models, the specific provisions of the respective contract law must be observed, especially maintenance and update obligations.

Software Licensing Combined with Hardware

Computer systems are often sold together with pre-installed software. The license terms may set restrictions regarding user rights, resale, or installation on additional devices.

Computers in Employment Law

Use of Company Computers

The use of computers at the workplace is subject to company regulations and the co-determination rights of the works council (Section 87 (1) No. 6 BetrVG). Data protection aspects, especially monitoring of computer use, require a careful balance between company interests and the personal rights of employees.

Computers in Administrative Law

Electronic Recordkeeping and Administrative Procedures

Authorities use computers for electronic recordkeeping (e-files), communication, and administrative procedures (e-government). The legal basis for this can be found in the E-Government Act and the administrative regulations of the federal states.

International Aspects

Applicability of Cross-Border Regulations

Computer systems are often part of international data flows. European and international legal frameworks, such as the General Data Protection Regulation or the Budapest Convention on Cybercrime, shape the legal requirements. Export control regulations may also apply, especially for high-performance components.

Definition in Flux: Evolution of Legal Terms

The definition of computer is constantly reassessed and expanded due to technological and societal developments. Modern devices such as smartphones or connected systems (Internet of Things, IoT) are increasingly considered computers in the legal sense, as long as they process data automatically.

Summary and Outlook

The term computer occupies a central position in law and covers all devices for automated data processing. The legal situation affects criminal law, data protection law, copyright law, IT security law, contract law, employment law, administrative law, and international regulations. Legislators and courts are continually required to adapt the term and its areas of application to technological advancements and social changes.

Frequently Asked Questions

Who is liable for software defects that cause damage to a computer?

Liability for software defects in Germany is primarily governed by the contract law of the German Civil Code (BGB) as well as, where applicable, the Product Liability Act (ProdHaftG). If faulty software is sold, the seller can be liable for damages under Section 434 BGB within the framework of liability for material defects, provided a defect was present at the time of transfer of risk. In addition to contractual claims, tort claims for damages under Section 823 BGB may be relevant if gross negligence or intent causes financial loss. In cases of mass-produced goods, product liability law may apply if a software defect constitutes a ‘product defect’ within the meaning of the law and causes personal injury, health impairment, or property damage. It should be noted that mere financial losses, such as data loss, are generally not covered by the Product Liability Act.

Are employers allowed to monitor their employees’ use of computers?

The employer’s right to monitor computer use in the workplace is significantly restricted by data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Continuous and comprehensive monitoring, such as recording all keystrokes (keylogging) or the complete logging of Internet and email usage, is generally not permitted. Exceptions are allowed only in cases of specific suspicion of serious breaches of duty, whereby the principle of proportionality must be maintained even in these cases. Before introducing technical monitoring measures, the co-determination right of the works council under Section 87 (1) No. 6 of the Works Constitution Act (BetrVG) must also be observed in workplaces with a works council.

What is the legal situation regarding downloading of copyrighted programs?

Downloading copyrighted software without the rights holder’s permission constitutes a copyright infringement under the German Copyright Act (UrhG). This also includes downloading programs from so-called illegal sources such as file-sharing platforms or peer-to-peer services. In case of such an infringement, the rights holder may assert civil claims for injunctive relief and damages (Sections 97 et seq. UrhG). In addition, criminal prosecution is possible under Section 106 UrhG, ranging from fines to imprisonment. The use of software from legal sources, such as open source, is permitted provided that the respective license terms are complied with.

Who is responsible for malware on company computers?

Responsibility for damage caused by malware in a corporate environment generally lies with the employer or the company. It is their duty to implement appropriate IT security measures, such as firewalls, antivirus software, and regular updates. If damage nevertheless occurs, it may be examined whether any liability claims exist against the security software manufacturer, employees in cases of gross negligence, or third parties for damages. Violations of internal IT policies by employees may lead to employment law consequences such as warnings or dismissal if grossly negligent or intentional behavior is proven.

Must data protection requirements be observed when disposing of or transferring a computer?

Yes, according to Art. 17 GDPR (‘right to erasure’) and the Federal Data Protection Act (BDSG), special diligence obligations apply when handling personal data. Before disposing of, transferring, or selling a computer, all personal data must be deleted completely and irretrievably. Deleting files alone is not sufficient, as they can be restored with special tools. It is advisable to use certified deletion methods (for example, according to DIN 66399) or physically destroy the data carriers. Companies are obligated to prove this as part of their accountability, while private individuals can be held liable if data protection violations occur due to carelessness.

Can access to computers and networks in a company be restricted for security reasons?

From a legal standpoint, the employer is authorized to limit access to company computers and networks if this serves to protect company interests and data security. However, such measures must be announced transparently and be proportionate. In companies with a works council, the co-determination right (Section 87 (1) No. 6 BetrVG) applies. Restrictions must not constitute prohibited discrimination or harassment and must comply with applicable data protection and labor laws. Additionally, regulations of the BSI Act and industry-specific compliance requirements must be observed when handling sensitive data.

What legal requirements apply to the use of computer workstations in home offices?

The use of computer workstations in home offices is subject to employment law, data protection law, and occupational health and safety regulations. Employers must ensure that data protection and IT security requirements are met outside the company (GDPR, BDSG). This includes, for example, encrypted connections (VPN), secure passwords, and the use of approved devices. According to the Occupational Health and Safety Act (ArbSchG) and the Workplace Ordinance (ArbStättV), the employer is also obligated to ensure ergonomics and health protection at computer workstations; this also generally applies to work from home. With respect to time recording and data protection, clear company regulations are advisable and are often contractually stipulated.