Apple Faces Legal and Technical Hurdles in Data Disclosure for Spanish Judge’s Request

A Spanish judge has requested Apple to provide data from an iPhone linked to a murder investigation, highlighting the tech giant’s strict privacy policies and the challenges of accessing user information across jurisdictions. The case centers on Jonathan Andic, whose iPhone disappeared in March 2025, raising questions about what data Apple could legally and technically share with the court.

What Data Is the Judge Seeking?

Juice 5 of Martorell, Judge Raquel Nieto, requested data from Jonathan Andic’s iPhone, including location history, iCloud backups, and login activity, following his father’s death. The judge also sought information about the phone’s disappearance and the subsequent replacement with an iPhone 16, which had a backup restored from iCloud. However, Apple’s encryption and data retention policies limit the information available.

According to the Spanish Legal Code, courts can request data through a “Solicitud de Datos (Spain)” process. However, Apple’s policies, outlined in its privacy documentation, state that iCloud data is encrypted and accessible only with user credentials. If Jonathan Andic had enabled advanced data protection, Apple could not retrieve the data even if compelled by a court.

Why Is Apple Resisting Data Disclosure?

Apple has long resisted sharing user data, even with law enforcement. The company’s encryption policies prioritize user privacy, making it difficult for third parties to access content without the user’s passcode. This stance has led to legal battles, such as the 2016 dispute with the FBI over unlocking an iPhone tied to the San Bernardino shooting.

Forensic expert Bruno Pérez Juncà noted that Apple’s data retention practices further complicate matters. “Many records, like location data or device connections, are deleted after 25 days,” he said. “If the case involves data older than that, it’s likely already gone.”

Can a Court Force Apple to Comply?

Under U.S. law, Apple could be required to hand over data if the request meets the Electronic Communications Privacy Act (ECPA) standards. However, the case involves a Spanish court, and Apple’s compliance depends on international legal frameworks like the Mutual Legal Assistance Treaty (MLAT) or the CLOUD Act. The judge’s request may qualify as an emergency, but Apple’s policies remain a barrier.

Legal scholar Beatriz Escudero, from CUNEF University, explained that Spanish law does not criminalize corporate non-compliance. “Only individuals can face charges for disobedience,” she said. “Fines for companies are minimal compared to their budgets.”

What Are the Broader Implications?

The case underscores the tension between privacy and law enforcement. While Apple argues its encryption protects users, critics like Pérez Juncà warn that data loss could hinder investigations. “If Apple doesn’t retain backups, it’s a systemic issue,” he said. “Other companies may follow suit, leaving courts with limited tools.”

Experts suggest that legislative changes could force tech companies to retain data for longer periods. “Without stricter regulations, companies will prioritize privacy over judicial needs,” Escudero added. “The balance between security and civil liberties remains fragile.”

What’s Next for the Case?

The outcome hinges on Apple’s willingness to cooperate and the court’s interpretation of international data laws. If the company refuses, the case may set a precedent for how tech firms handle similar requests. For now, the legal and technical barriers remain significant, leaving the investigation in limbo.