Competent authority

National Police or the Court of Justice.

Basis in law

The requirement to surrender computer data in accordance with Article 18(1)(a) is governed by the Code of Criminal Procedure. Accordingly, every person shall grant access to seized information saved on data carriers. On request, every person shall hand over an electronic data carrier in a commonly used file format or have such a data carrier produced. Moreover, the person shall permit the production of a backup copy of the information saved on the data carriers. (§96(2a) of the Code of Criminal Procedure)

If different for subscriber information

The requirement of service providers to transmit location data and subscriber data (together, these types of data correspond to the term "subscriber information" defined in Article 18 of the Cybercrime Convention) is governed by the Communications Act. Accordingly, providers of publicly available communications services shall record all subscriber data as referred to in Article 3(1)(48) irrespective of the type of contractual relationship and store them for the entire duration of the contractual relationship with the subscriber in question as well as six months after the termination thereof. (Article 53 of the Communications Act)

If different for traffic data

Form

Order of the Court of Justice or written request by the police.

Competent authority

National Police and Court of Justice.

Basis in law

Providers of publicly available electronic communications services and operators of a public communications network are required:

a) to provide appropriate technical possibilities to enable the competent authorities to monitor an electronic communication in accordance with the provisions of the Code of Criminal Procedure;

b) to participate to the required extent in the surveillance of an electronic communication in accordance with the provisions of the Code of Criminal Procedure;

c) to store retained data for the purpose of participating in a surveillance in accordance with article 52a of the Communications Act. (Article 52(1) of the Communications Act)

Providers of publicly available electronic communications services and operators of a public communications network shall store retained data for a period of six months from the time the communication process is terminated, to the extent the data have been generated or processed in the course of providing the communications service, for the purpose of participation in a surveillance. These data shall be deleted immediately upon expiry of this time period, without prejudice to Article 49(2) of the Communications Act (Article 52a(1) of the Communications Act).

Retained data shall be stored such that they and all other associated required information can be forwarded immediately to the authorities responsible for carrying out the surveillance of an electronic communication (Article 52a(2) of the Communications Act).

Retained data shall be of the same quality and subject to the same security and the same protection as the data available in the electronic communications network. Retained data shall be protected by appropriate technical and organizational measures against accidental or unlawful destruction, accidental loss, accidental alteration, unauthorized or unlawful storage, processing, access, and disclosure. It must be ensured by appropriate technical and organizational measures that access to the retained data is reserved exclusively to specially authorized persons. (Article 52a(3) of the Communications Act)

Article 54a of the Ordinance on Electronic Communications Networks and Services (VKND) sets out the categories of retained data that must be stored by providers of publicly available electronic communications services and operators of a public communications network. Articles 60 et seq. VKND also contain implementing provisions on participation and provision of information in this context, including regarding technical capabilities and compensation.

Data stored pursuant to a retention requirement must normally be surrendered pursuant to a judicial ruling based on §§ 103 (surveillance of electronic communication) or 96 (seizure) StPO.

In case of imminent danger, the existing standby arrangements at the National Police, which serves as a 24/7 point of contact in accordance with Article 35 of the Cybercrime Convention, at the Office of the Public Prosecutor, and at the Court of Justice make it possible to obtain an oral ruling immediately, i.e. generally in less than 30 minutes (§§ 103 and 96 StPO).

If different for subscriber information

If different for traffic data

Form

The National Police is responsible for securing data, which is then transmitted to the Court of Justice. Surrender of data requires a judicial ruling; an oral ruling suffices in case of imminent danger (§§ 103 and 96 StPO).

Definition of emergency situation

No "emergency situations" are defined in Liechtenstein law. However, "exceptional situations" do exist, which correspond to the definition of an emergency situation. According to Article 3(c) of the Civil Protection Act (Gesetz über den Schutz der Bevölkerung, BSchG), an "exceptional situation" is a situation:

1. in which regular procedures do not suffice to surmount the pending tasks in numerous areas;

2. which can no longer be dealt with using solely the means and powers designated for normal situations; and

3. which requires the employment of non-local and external help.

Obligation to cooperate

Yes, under Articles 31 to 34 of the Civil Protection Act (BSchG), the population not only is required to cooperate with the authorities, but also to provide assistance.

Obligation of secrecy

Yes, the confidentiality of investigations is set out in § 39 et seq. of the Code of Criminal Procedure. Courts, the Office of the Public Prosecutor, and the National Police must observe the principles of legality and proportionality when processing personal data, including particularly sensitive data. In any event, they must safeguard the sensitive confidentiality interests of the persons concerned, and they must give priority to the confidential treatment of data. Additionally, they must make appropriate arrangements to safeguard the confidentiality interests of the persons concerned when processing particularly sensitive data and personality profiles. (§ 39a(2) StPO)

Non respect of the obligation of secrecy

Inaccurate data or data gained in contravention of the provisions of the StPO must be corrected or deleted immediately. The Court, the Office of the Public Prosecutor, and the National Police shall immediately notify the authorities to whom they have provided inaccurate data of the correction. (§ 39d(1) StPO)

Exception

According to § 39c StPO, the Court, the Office of the Public Prosecutor, and the National Police may disclose personal data arising from pending proceedings for the purpose of use in other pending proceedings if it must be assumed that the data may provide important insights. Moreover, data gathered through surveillance of electronic communication may be used in criminal proceedings to the extent their use is permissible also in related civil or administrative proceedings and to avert judicially punishable acts subject to a penalty of imprisonment of more than one year, as well as to avert substantial danger to the life, limb, or liberty of a person or to substantial tangible or financial assets. (§ 39d(5) StPO)