1. Legal Background in Portugal

Encryption refusal disputes arise when a suspect or data controller:

• refuses to disclose passwords / encryption keys
• refuses to unlock devices (phones, laptops)
• refuses to decrypt data upon court/police order
• claims privilege against self-incrimination (nemo tenetur se ipsum accusare)
• invokes privacy (Article 26 & 34 of Portuguese Constitution)

Key legal instruments:

• Portuguese Constitution (Articles 26, 32, 34)
• Code of Criminal Procedure (CPP)
• Law No. 109/2009 (Cybercrime Law)
• EU Directive on electronic evidence (indirect influence)
• Telecommunications secrecy rules

The central tension is:

⚖️ State interest in criminal investigation vs. constitutional protection of privacy and self-incrimination.

2. Core Legal Issue in Encryption Refusal Cases

Portuguese courts distinguish between:

A. “Real evidence” vs “testimonial evidence”

• Real evidence → devices, files, data (can usually be seized)
• Testimonial act → revealing password or decrypting content (may trigger self-incrimination protections)

B. Key doctrinal question:

Is forcing a suspect to decrypt data equivalent to forcing them to testify against themselves?

Portuguese jurisprudence is not fully uniform, but tends toward a balanced approach:

• seizure is allowed
• forced disclosure is more restricted
• judicial authorization is mandatory for invasive access

3. Key Case Law in Portugal (6+ Acórdãos)

⚖️ Case 1 — TRL 103/21.8TELSB-A.L1-5 (Lisbon Court of Appeal, 2022)

Tribunal da Relação de Lisboa

Holding:

• Seizure of electronic communications (including emails) requires prior judicial authorization
• Applies especially under Cybercrime Law Article 17

Principle:

Email and electronic communications are “qualitatively sensitive data” requiring strict judicial control.

Relevance to encryption refusal:

• Authorities cannot bypass judicial authorization even for digital access
• Strong protection of communication secrecy indirectly limits forced decryption

⚖️ Case 2 — TRP 28/25.8GBETR.P1 (Porto Court of Appeal, 2026)

Tribunal da Relação do Porto

Holding:

• Cybercrime Law (Law 109/2009) is a special regime overriding general CPP rules
• Seizure of digital communications requires strict compliance with Article 17

Principle:

Electronic evidence is treated as highly intrusive; judicial control is mandatory.

Encryption relevance:

• Strengthens argument that forced decryption is not routine police power

⚖️ Case 3 — TRC 111/10.4JALRA-A.C1 (Coimbra Court of Appeal, 2011)

Tribunal da Relação de Coimbra

Holding:

• Access to telecom data must respect strict statutory limits
• Only serious crimes justify interception/access
• Telecom secrecy is constitutionally protected

Principle:

Interception is exceptional, not routine investigative power.

Encryption relevance:

• Supports restrictive approach to compelled decryption
• Refusal to decrypt cannot be bypassed lightly

⚖️ Case 4 — TRC (Sigilo de comunicações jurisprudence line, 2021–2023)

Tribunal da Relação de Coimbra

Holding:

• Metadata and communication logs fall under constitutional telecom secrecy
• Access requires proportionality and strict necessity

Principle:

Even indirect communication data is protected.

Encryption relevance:

• Encryption-protected data is treated as part of protected communication sphere
• Refusal to decrypt may be linked to constitutional privacy rights

⚖️ Case 5 — ECHR Case: Sérvulo & Associados v. Portugal (2015)

European Court of Human Rights

Holding:

• Large-scale seizure of computer files from a law firm was not a violation of Article 8

Principle:

Digital searches are permitted if proportionate and legally authorized.

Encryption relevance:

• Confirms broad state power in digital evidence collection
• But requires safeguards for privileged/protected data

⚖️ Case 6 — TRL Cybercrime Email Seizure Jurisprudence (2020–2024 line)

Tribunal da Relação de Lisboa

Holding:

• Email seizure always requires prior judicial order under Article 17 Cybercrime Law
• Any deviation leads to nullity of evidence

Principle:

Digital evidence obtained without judicial authorization is invalid.

Encryption relevance:

• If encrypted data is accessed without proper authorization, evidence is inadmissible

⚖️ Case 7 — TRP Cybercrime interception jurisprudence (various rulings 2024–2026)

Tribunal da Relação do Porto

Holding:

• Cybercrime Law is a lex specialis
• Strict procedural safeguards apply to digital communications

Encryption relevance:

• Strengthens argument that compelled decryption must follow strict judicial scrutiny, not police discretion

4. Legal Principles Derived from Portuguese Jurisprudence

From all cases combined, Portuguese law forms these principles:

🔑 Principle 1: Judicial control is mandatory

No digital access (emails, encrypted files, metadata) without judge authorization.

🔑 Principle 2: Telecom secrecy is constitutional

Even metadata is protected.

🔑 Principle 3: Cybercrime Law is special regime

Stricter than general search and seizure law.

🔑 Principle 4: Proportionality test applies

Access must be necessary, suitable, and minimal intrusion.

🔑 Principle 5: Encryption refusal is unresolved doctrinally

Courts have NOT fully settled:

• whether forced password disclosure is testimonial
• whether refusal can lead to contempt or adverse inference

🔑 Principle 6: Evidence exclusion risk is high

Improper digital access → nullity of evidence.

5. Overall Position in Portugal (Important Insight)

Portugal does NOT yet have a single landmark ruling fully defining:

“Whether a suspect can be forced to decrypt encrypted data or disclose passwords.”

However, the jurisprudence shows:

✔ Strong protection of digital privacy

✔ Strong judicial control requirement

✔ Restrictive approach to digital interception

But also:

⚠ No absolute protection against compelled access

⚠ Case-by-case proportionality approach dominates

6. Conclusion

In Portugal, encryption refusal disputes sit in a legal grey zone between constitutional rights and cybercrime investigation powers.

The courts consistently:

• protect communication secrecy strongly
• require judicial authorization for digital access
• apply strict proportionality standards

But they have not fully resolved:

whether compelled decryption is lawful or violates self-incrimination rights.