Murcia High Court: The mass cloning of computer equipment may constitute a violation of fundamental rights
Violation of fundamental rights in inspection actions on computer equipment
The Murcia High Court has issued a ruling on 16 October 2025, in a case handled by our firm, which represents a significant milestone in the judicial oversight of inspection actions when they affect the entire contents of computer equipment. The Court declares that the mass, indiscriminate cloning carried out by the Spanish Tax Agency (AEAT) without prior filtering violated the fundamental right to privacy and the right to the secrecy of communications, annulling the precautionary measure that authorised such data extraction.
This is a particularly significant ruling because it consolidates an emerging trend in Spanish case law: the requirement for clear limits and effective safeguards in the technological actions of the Tax Administration.
Case description
The facts of the case reflect an increasingly common practice. The Tax Inspection appeared at our client’s premises under a court order and proceeded to copy all existing computers and servers in their entirety, without distinguishing professional information from strictly personal data.
The inspectors explicitly warned about the presence of private documents on the devices, yet the Administration still carried out a full cloning that exceeded what was strictly necessary for the purposes of the audit. For the Court, this action was not only avoidable—the Inspection had several days, and could even have requested an extension, to implement a filtering method respectful of the rights at stake—but also went beyond the scope of the court order authorising the entry.
Case law: progress regarding the Supreme Court’s criterion on the violation of fundamental rights
The significance of this ruling is better understood in relation to the Supreme Court judgment of 5 June 2024 (CVC case), in which the Supreme Court tentatively opened the door to the possibility that mass cloning could violate fundamental rights, although in that instance it concluded that there were insufficient circumstances to establish a breach.
The Murcia High Court, by contrast, applies the same principle and takes it a step further, finding that in this case a real and effective violation did occur. In this regard, the ruling represents a first expansive and protective application of the doctrine initiated by the Supreme Court, reinforcing the standard of proportionality and respect for privacy in the context of inspection actions involving access to digital devices.
Legal standing: strategy and effects
From a procedural perspective, the case is also of considerable interest. On the one hand, we filed an appeal against the order authorising the entry—which is still pending—and, on the other, a special procedure for the protection of fundamental rights.
To meet the strict requirements that Supreme Court case law has established regarding the standing of legal entities to invoke the right to privacy, the claim was brought not only on behalf of the investigated entity but also on behalf of one of the employees directly affected by the cloning. This strategy proved decisive, as the Court recognised the employee’s standing, examined the action from the perspective of their fundamental rights, and ultimately declared the precautionary measure null and void.
Practical implications in the event of a possible violation of fundamental rights in digital audits
The ruling provides a series of practical implications for companies and professionals subject to audits, as well as for the Administration itself. Indiscriminate cloning can no longer be regarded as a routine tool: the Inspection must strictly limit the content it decides to copy, justify the necessity of each action, and ensure the existence of prior filters that exclude personal information or data unrelated to the purpose of the procedure.
Court orders must be executed with scrupulous respect for their terms, without extending their scope to unauthorised areas. Furthermore, when there are indications that the devices contain sensitive or private information, the Administration is obliged to implement technical protocols that allow only data relevant to the audit to be selected, thereby avoiding indiscriminate access to the personal sphere of employees and executives.
Conclusion: the violation of fundamental rights in digital audits and its impact on tax administration
In short, the Murcia High Court ruling represents a significant advance in the protection of fundamental rights against digital audits in the tax context. It reaffirms the principle that the effectiveness of inspections cannot become a blank cheque to access without limits the most sensitive information of a company and its employees.
Case law appears to be moving towards a greater balance between the needs of the Administration and the protection of privacy in increasingly complex technological environments. A necessary balance, which, with rulings such as this, is beginning to take shape clearly and firmly.
Need advice? Visit our section on the protection of fundamental rights in the tax context: