Sentencing data-driven cybercrime. How data crime with cascading effects is tackled by UK courts

Abstract

This paper contributes to research seeking to understand if and how legislation can effectively counter cybercrimes that compromise personal data. These ‘data crimes’, which are the ‘dark side’ of big data and the data economy enabled by cloud computing, display cascading effects, in that they empower disparate criminals to commit further crimes and victimise a broad range of individuals or data subjects. The paper addresses the under-researched area of sentencing, which, as the last step of the judicial process, plays a crucial role in how the law is interpreted and implemented.This paper investigates courts’ approach to the evolving technological environment of cybercrime captured by data crime and the cascade effect and whether the cascade effect can assist courts in dealing with data-driven cybercrime. The paper examines original data collected from UK courts, namely 17 sentencing remarks relating to cybercrime court cases decided in England & Wales between 2012 and 2019. The analysis shows that courts appreciate the impact of data crime and their cascading effects, but that the complexity of the offences is lost at sentencing, arguably due to the negative impact of systemic factors, such as technology neutral law and the lack of legal authorities.After examining such systemic factors, the paper suggests how the cascade effect could aid sentencing by adding specificity and context to data crime. The paper ends with avenues for further research relating to debates on fair cybercrime sentencing and open justice.