Andorran Data Protection Agency Proposes Penal Code Reforms to Combat AI and Digital Threats
APDA praises draft's tech sensitivity but urges updates for AI-enabled crimes, digital identity theft, communications interception, and synthetic media, seeking harsher penalties and expanded corporate liability.
Key Points
- APDA praises Penal Code reform draft for tech sensitivity but proposes AI aggravating factors.
- Expands identity usurpation to digital acts like fake accounts, profiles, and synthetic media.
- Updates communications interception to cover digital apps and platforms.
- Extends corporate liability and harsher penalties for privacy violations.
The Andorran Data Protection Agency (APDA) has delivered a set of observations and amendment proposals to the General Council's syndicatura regarding the qualified bill to reform the Penal Code. The suggestions focus on bolstering protections for privacy, personal data, communications secrecy, and digital identity against technological advances.
While offering an overall positive evaluation of the draft—praising its recodification efforts, structural organisation, and sensitivity to tech developments—the APDA calls for specific updates to counter rising digital threats. A core recommendation is establishing a general aggravating factor for crimes enabled by artificial intelligence, automated systems, simulation or alteration tools, or synthetic content creation. These methods, according to the agency, boost deception, hinder author identification, and amplify damage.
The APDA emphasises revising the identity usurpation offence to cover digital acts explicitly, such as unauthorised creation, use, or control of accounts, profiles, credentials, digital signatures, certificates, images, voice recordings, or similar identifiers. It urges harsher penalties when such impersonation employs tech that boosts credibility or evades detection, moving beyond traditional physical or document-based fraud to address online manipulation and synthetic media.
On communications, the agency advocates rephrasing illegal eavesdropping as "interception of communications." This expands coverage to include capturing, accessing, monitoring, or recording digital interactions on messaging apps, online platforms, or equivalents, while safeguarding defence rights and evidence from legitimate participants.
Additional proposals include linking specially protected data definitions to current regulations for greater flexibility and alignment; strengthening penalties for non-consensual sharing of intimate or altered content, including in private groups or closed networks; modernising offences involving illicit use of automated personal data; introducing rules on digital forgeries in certifications, valuations, and high-value asset tracking like jewellery, precious stones, metals, or art; and extending corporate criminal liability for certain privacy violations due to inadequate oversight.
These changes, the APDA contends, would sharpen the code's technical accuracy, ensure systemic consistency, and equip it to handle current and future digital risks without altering its core design. The agency has asked the syndicatura to share the proposals with parliamentary groups as the bill advances.
Original Sources
This article was aggregated from the following Catalan-language sources:
- El Periòdic•
L’APDA proposa esmenes al Codi penal per adaptar-lo als reptes actuals de la protecció de dades digitals
- Altaveu•
L'APDA demana endurir el Codi Penal per combatre l'ús il·lícit de la IA i la suplantació digital
- Bon Dia•
L'APDA veu prioritari adaptar el delicte d’usurpació d’identitat a la realitat digital
- La Veu Lliure•
L’APDA vol endurir el Codi Penal per frenar la suplantació d’identitat i els delictes amb IA
- Diari d'Andorra•
L'Agència de Protecció de Dades proposa endurir el Codi Penal davant els riscos de la IA