CONCURRING OPINION OF JUDGE PAVLI

1. I am in full agreement with the outcome and reasoning of today’s judgment. I am writing separately in order to emphasise two sets of issues that I consider to be of great importance for the fate of lawyer-client privilege, a cornerstone of defence rights, in our digital age.

2. The first point relates to the question of what constitutes an interference with said privilege and whether a practising lawyer should be required to prove that some form of “actual harm” followed from searches and seizures of privileged materials and communications. Any such requirements are based, in my view, on a conception of legal professional privilege that would be alien to most practising lawyers. It is also a conception that stands at odds with the Court’s well ‑ established jurisprudence on the protection of personal and/or otherwise protected data: any capture of such data by a public authority is in principle sufficient to constitute an interference with the relevant interest protected by the Convention. This approach was confirmed recently by the Grand Chamber, in the bulk surveillance context, in Big Brother Watch and Others v. the United Kingdom (nos. 58170/13 and 2 others, § 330, 25 May 2021), both generally and with respect to the comparable privilege enjoyed by the press in relation to confidential journalistic material (ibid., §§ 447 ‑ 50).

3. In other words, there is a presumption that any seizure of prima facie privileged data by the authorities is capable of undermining the confidentiality of the material unless strict data-searching safeguards are in place, usually involving some form of judicial review. The burden is on the authorities to show that they have not unduly interfered with the privilege. Any other approach to the question of victim status would turn this presumption on its head. After all, the applicant is a criminal defence lawyer and at least some of his clients – that is to say, those who were not connected in any way with the investigation in which the applicant himself was a suspect – were potentially under investigation by the same police department that had seized his electronic devices. I would think that would be enough to make most defence lawyers, as well as their clients, quite nervous.

4. Secondly, the respondent Government have argued, in effect, that LPP protection depends on a strict separation of privileged material from other, non-protected, data (see paragraph 81 of the judgment). While this is certainly a proper ethical standard to be followed by defence lawyers, the claim that the current applicant failed to do so is based on assumptions that are not univocally supported by the record before us.

5. Furthermore, historical notions about the neat separation of privileged and non-privileged material may need to be recalibrated for our digital ways and mores. For example, how many of us can claim to keep an impenetrable wall between the personal and professional data held within our smartphones? Perhaps practising lawyers should be held to a higher standard – but what applies to paper records may not apply as easily to our increasingly complex digital lives. Practices and ethical standards in this field are still evolving. Finally, even assuming that a defence lawyer has been somewhat lax in the handling of privileged material, that should not give police departments carte blanche to undertake fishing expeditions through his or her data – whose confidentiality, it should be recalled, is guaranteed in the first place for the benefit of the lawyer’s clients.

6. I have little doubt that the challenges of protecting sensitive electronic data will continue to keep the Court occupied in the coming years. I also believe that the current judgment’s emphasis on the need for rigorous legislative frameworks in this field, including with respect to search modalities and other digital-specific arrangements, is the correct approach. We need to adapt fundamental protections to the realities of the digital age, without losing sight of their raison d’être .

JOINT DISSENTING OPINION OF JUDGES RAVARANI, SEIBERT-FOHR AND ZÃœND

1. Though we share the majority’s general concerns about the insufficient clarity and foreseeability of the legislative framework in respect of the seizure of data protected by legal professional privilege (LPP), with regret we cannot agree with the majority’s finding that the application was admissible, as we consider that the applicant could not claim to be a victim of a violation of Article 8 of the Convention.

2. The starting point is section 44(1)(4) of the Bar Association Act (see paragraph 41 of the judgment; see also the commented edition of the Code of Conduct of the Estonian Bar, mentioned in paragraph 43), which requires that a lawyer “must store data carriers concerning the provision of legal services separately from other data carriers in his or her possession”.

3. The reason behind this provision is quite obvious and has to be seen in the context of legal professional privilege (LPP), which is aimed at protecting the confidentiality of exchanges between lawyers and their clients and which is a cornerstone of the right of defence in a trial (see Apostu v. Romania , no. 22765/12, § 96, 3 February 2015, and Altay v. Turkey (no. 2) , no. 11236/09, § 50, 9 April 2019). Professional secrecy is the basis of the relationship of trust existing between a lawyer and his client (see Saber v. Norway, no. 459/18, § 51, 17 December 2020). Furthermore, the safeguarding of professional secrecy is, in particular, the corollary of the right of a lawyer’s client not to incriminate himself (see André and Another v. France , no. 18603/03, § 41, 24 July 2008). The first sentence of section 43(2) of the Estonian Bar Association Act provides that information disclosed to a lawyer is confidential.

4. As LPP is aimed at protecting the confidentiality of exchanges between the lawyer and his or her clients, in principle the lawyer is not entitled to unilaterally waive the privilege and reveal the content of what he or she shares in confidence with the client. At the same time it is in the nature of LPP that the only data which benefit from such privilege are those that are shared by the lawyer and his or her client, as it is not designed to protect exclusively the lawyer but also, and even primarily, the client.

5. Section 44(1)(4) of the Bar Association Act seeks to delineate the scope of the information specially protected by LPP without conferring on the lawyer a discretion to have all data he or she stores protected without distinction, whatever their content. Its effectiveness therefore depends on scrupulous compliance, by the lawyer, with the obligation to store confidential information separately. Negligence or even deliberately wrongful behaviour in this regard will ultimately weaken the lawyer’s and the clients’ protection.

6. A problem arises if – as happened in the present case – the lawyer does not comply with this obligation and mixes the protected data with unprotected data, for instance if he engages in other business. It is true that the clients should in no way suffer from such negligence or deliberately wrongful behaviour, but such protection should not lead to a situation where the lawyer him or herself can claim extended protection covering not only LPP information but also other data. He or she should not be entitled to claim protection of a privacy the limits of which he or she has blurred and which is mainly designed to protect somebody else, namely the client. In other words, should the applicant benefit from wrongful behaviour which he himself committed? The principle nemo auditur turpitudinem suam allegans (for an application of the principle by the Court, see Monory v. Hungary and Romania (dec.), no. 71099/01, 17 Feb. 2004) could easily be applied in such a context.

7. The judgment to some extent acknowledges the problem (see paragraph 101) but does not draw any inferences from it.

8. The fact that the applicant did not take advantage of the opportunity to be present during the examination of the seized data, as indicated by the judge (see paragraph 24 of the judgment), was certainly not very helpful. It is perhaps true that no such right was expressly enshrined in a legal provision, but the applicant could at least have discussed the relevance of the keywords with the investigators. Instead he showed a kind of disinterest in what was actually and concretely happening to the seized data.

9. The same is true of his choice not to submit any requests before the official investigation was closed (see paragraph 25 of the judgment), despite the fact that Article 225 § 1 of the Code of Criminal Procedure conferred such a right on him. It is of little relevance in this connection that the provision in question is apparently rarely used in that context and that the applicant had twice previously challenged the seizure of his laptop without success. As a matter of fact, had he been really interested in having the stored data protected he could have shown some diligence in this regard too.

10. Moreover, the applicant obviously did not suffer harm as a result of the violation of LPP. He did not even try to explain in what concrete sense he had suffered on account of the seizure of the data. It is true that his clients may have suffered harm as a result of the seizure, but this appears to be merely a hypothetical assumption in the absence of any concrete evidence submitted to the Court. We are unable to accept that LPP is an absolute right, failure to respect which entails a violation of Article 8 irrespective of the consequences of that failure. The applicant had a duty to show how and to what extent his rights and interests had been prejudiced. However, what he in fact did was to eventually rely expressly on the information drawn from the seized and copied data. His behaviour showed that he was not interested in the actual protection of the data but was ready to use the evidence allegedly found in violation of LPP for his own purposes, irrespective of the protection of his clients. In any event, the fact that he actually relied on the data contradicts his assertion that he was negatively affected by their seizure.

11. These various elements lead us to the conclusion that the seizure of the data did not affect the applicant in the exercise of his rights under Article 8.