Can the police look at your phone after arresting you? What the law says
The mobile phone is today the most intimate personal object we carry: private conversations, photographs, emails, banking data, browsing history. That is why, when someone is arrested and the police take their phone, an urgent question arises: can they look at what is inside?
It is worth distinguishing two very different acts. Seizing the phone, that is, physically taking it from the detainee, does not require judicial authorisation: the police can do so at the moment of arrest to preserve possible evidence. But accessing its content is something completely different. Having the device in their possession does not give the police any right to read the messages, view the photographs or examine the history: between seizing and examining there is a legal barrier that only a judicial authorisation can lift.
Access to the content of a phone affects two fundamental rights: the secrecy of communications, under Article 18.3 of the Constitution, which protects WhatsApp messages, emails and any private communication, and the right to privacy, under Article 18.1, which covers photographs, history and data from the private sphere. Both may be limited, but only by a reasoned judicial decision that assesses proportionality.
The general rule is clear: the police need a reasoned court order to access the content of a phone. That order must be specific: it must determine what type of content may be examined, during what period and for what purpose. A generic authorisation to examine the phone is not enough. The exceptions are very few and to be interpreted strictly: only an extreme, real and established urgency, not created by the police's own inaction, could justify access without prior authorisation, and always with immediate subsequent judicial review.
If the police access the content of a phone without judicial authorisation and without a valid exception applying, the consequence is the nullity of the evidence: everything obtained is inadmissible, and under the fruit of the poisonous tree doctrine so is anything derived from it. In addition, that unlawful access may constitute an offence of discovery and disclosure of secrets.
A highly controversial issue is whether the detainee must provide the PIN or password. According to the dominant case law, no: compelling someone to hand over the access code to a device with possible incriminating information would clash with the right not to incriminate oneself. The refusal cannot be used as proof of guilt. WhatsApp conversations already received and stored are considered protected by the right to privacy and still require judicial authorisation; it is also worth distinguishing between the content of the device itself and that hosted in the cloud or on foreign providers' servers, access to which may require additional procedures.
When the judge authorises access, it is usually carried out through a digital forensic analysis that can even recover deleted messages; that analysis must adhere strictly to the limits of the order. The defence has the right to know the forensic report and to propose its own expert. The practical recommendation is never to unlock the phone or hand over the password without first consulting the lawyer.
