Unlawful evidence and online liability: what are the IT law lessons from the Shield & Friends case?

The judgment of the Ghent Court of Appeal in the case of Schild & Friends, pronounced on June 20, 2025, constitutes a particularly readable case for anyone dealing with IT law. As a law firm specializing in IT law, in this post we analyze the key technological and legal aspects of this case. The ruling offers crucial insights on the value of digital evidence, the definition of hacking, and the liability of administrators of online platforms.

The digital crime scene: Facebook & Discord

At the heart of the criminal case were communications within two restricted online groups: a Facebook group with about 750 members and a Discord server that had 163 users. VRT journalists from the program Pano gained access to these groups through an internal source and uncovered the controversial content.

These online environments were more than mere chat boxes; they had a clear structure. For example, the Discord server had several "channels" and a hierarchical ranking system ranging from "Normie" to "Warrior" to "Final Boss." This structure would later play a role in determining the responsibilities of the various members.

The key question: was the evidence lawfully obtained?

The defense argued that the evidence was illegally obtained. After all, VRT journalists would have been guilty of hacking to obtain the data from the closed groups. The appeals court partly followed this reasoning, but did not attach the consequences desired by the defense.

1. Hacking, not violation of telecommunications secrecy

The court made an important technical-legal distinction. The defense argued that there was a violation of Article 314a of the Criminal Code (the intentional interception of communications not open to the public). However, the court held that this article applies only to the interception of communications while taking place (live communication). The messages on Facebook and Discord were already stored data in a computer system. Accessing such stored data does not fall under telecommunications secrecy, but does fall under the crime of 'hacking', as defined in Article 550bis of the Criminal Code.

2. Consent of a member is not a free pass

The most plausible hypothesis was that the journalists gained access through the login credentials of an existing member (the so-called "mole"). The court sharply stated that even with that member's permission, the journalists were guilty of hacking. The reasoning is as follows: the member himself was entitled to access the groups, but the journalists using his account were not. After all, they were not authorized by the groups' administrator. This is a crucial lesson for everyone: passing on your login and password to a third party, does not automatically give that third party the right to enter a (private) system.

The Antigoon key in the digital age

Thus, although the court assumed that the evidence may have been unlawfully obtained (via hacking) by a third party (the VRT), this did not lead to the annulment of the evidence. The court applied the so-called Antigoon test (contained in article 32 of the Prior Title of the Code of Criminal Procedure.) and considered three elements:

The reliability of the evidence: The irregularity had not affected the reliability of the data. An IT expert appointed by the investigating judge confirmed the authenticity of the Discord data. He was able to do so in part because links to attachments (images, files) were still active on Discord's servers and contained technical information that could confirm the origin and identity of users, such as the main suspect. Moreover, numerous other members admitted during their interrogation to having posted the messages attributed to them.
The right to due process: The use of the evidence did not compromise the right to a fair trial. The court weighed the seriousness of the irregularity committed (hacking by journalists) against the seriousness of the crimes. The crimes - incitement to hatred and discrimination, negationism and belonging to a group that proclaims it - were considered very serious and a threat to a peaceful society. Barring the evidence would therefore be manifestly disproportionate.
The role of government: The irregularity was not committed by the police or the courts, but by third parties. The judicial authorities intervened only after the Pano report and came into possession of the data in a perfectly legitimate manner.

From "End boss" to co-perpetrator: an administrator's liability

Another relevant aspect is the far-reaching responsibility that the court assigned to the operators of online platforms. The main defendant, D., was convicted not only for his own criminal posts, but also as a co-perpetrator for the negationist messages sent by other members were posted.

The court's reasoning is clear. D. was the founder and "final boss" of the groups. He created and managed the Facebook group and owned the Discord server. He thus provided the necessary infrastructure (the "indispensable aid" within the meaning of Article 66 Criminal Code) within which the crimes could be committed. Crucially, he was perfectly aware of the negationist and racist content circulating there - he was even worried that journalists would discover it. Nevertheless, he allowed the posts to stand and did not intervene, even though as administrator he had the ability to do so.

This view places a heavy responsibility on anyone who manages an online community, whether it is a forum, a Facebook group, or even a WhatsApp group within a company or association. Knowingly making available a platform on which crimes are committed can lead to a conviction as a co-perpetrator.

Conclusion for practice

The Shield & Friends ruling is an example of how law adapts to digital reality. It confirms that the online world is not a legal vacuum and that online actions have serious offline consequences. For citizens and businesses, this ruling provides some clear lessons:

Digital evidence is full proof: The courts take the analysis of digital traces very seriously and are prepared, with the help of experts, to assess their authenticity and probative value.
Access is not always permitted: Using someone else's login information, even with permission, can qualify as hacking.
Administrators have a great responsibility: Anyone who operates an online platform and has knowledge of criminal content has a duty to intervene. Passivity can lead to criminal culpability.

Do you have questions about digital evidence, online content liability, or have you yourself faced an IT law dispute such as hacking, online defamation or data breach? If so, please contact our attorneys.

Unlawful evidence and online liability: what are the IT law lessons from the Shield & Friends case?

The digital crime scene: Facebook & Discord

The key question: was the evidence lawfully obtained?

The Antigoon key in the digital age

From "End boss" to co-perpetrator: an administrator's liability

Conclusion for practice

Joris Deene

Contact

Recent posts

Is compensation automatically due after a conviction by the European Commission for a cartel violation?

May a seizure regarding counterfeiting continue after patent expiration?

Phishing and bank fraud: when should the bank refund your stolen money?

When is a failed investment actionable scam?

Can you continue to use a trademark for a plant variety after a license expires?

Press freedom vs. reputational damage: How far may investigative journalism go on sensitive social issues?

Breach of contract in long-term service contracts: is a high severance payment always valid?

Can modifying a European patent application undermine the validity of your Belgian patent?

Topics

Topics

ICT Legal Guide

Contact details

Where to find us

Disclaimers