The right to seize and examine private phones: A Nordic perspective

The question of how far tax authorities may go in accessing the contents of private mobile phones during a tax audit has emerged as a contested issue at the intersection of effective tax enforcement and the right to privacy. In Norway, the Supreme Court recently confirmed that private phones may in certain circumstances be copied under ordinary administrative audit powers, a ruling that was subsequently tested before Oslo District Court just weeks later. In Sweden, a private mobile phone may only be seized if it was likely used in the audited activity, and any intrusion must be proportionate to the control interest at stake. How business and personal data can be meaningfully separated in practice, however, remains unresolved. In Denmark, there are no statutory provisions that expressly grant the tax authorities the right to copy and examine a private mobile phone as part of a routine administrative tax audit in the absence of suspicion of a criminal offence. The question remains the subject of ongoing debate. This article reflects on the legal framework in each of the three jurisdictions.

Introduction

Phones contain more personal data than any other single device. Messages, emails, photographs, financial records, and private communications are all stored in one place. When tax authorities demand access to that content during a tax audit, a direct conflict arises between effective tax control and the right to privacy.

How far Norwegian tax authorities may go has been actively contested. In April 2026, the Supreme Court's Appeals Committee accepted that private phones may in certain circumstances be copied under ordinary administrative audit powers, without a court order and without suspicion of wrongdoing. Less than six weeks later, Oslo District Court invalidated four specific seizure decisions applying that very ruling.

Legal framework

Section 10-4 of the Norwegian Tax Administration Act (Nw. skatteforvaltningsloven) authorises on-site administrative audits without a court order or any suspicion of wrongdoing. The managing director or chairman must give the authorities access to the company's business archives, which may be copied. Whether a specific mobile phone falls within those archives requires a case-by-case assessment: the question is whether the phone contains business information belonging to the company that is not accessible elsewhere.

Section 10-15 authorises evidence seizure, requiring advance judicial authorisation where there are reasonable grounds to suspect a breach that may result in penalty tax. Mirror copying creates an exact copy of all content on the device, including private information irrelevant to the audit. In HR-2025-2230, the Supreme Court confirmed that a mobile phone is a place of storage under the Norwegian Criminal Procedure Act (Nw. straffeprosessloven) and that mirror copying constitutes a search.

Recent court rulings of administrative control under Section 10-4

HR-2026-853-U, Supreme Court Appeals Committee, 15 April 2026
The Appeals Committee ruled two to one that tax authorities may copy and review the contents of a managing director's private mobile phone under Section 10-4, provided the phone is likely to contain business information forming part of the company's archives.

The majority held that the archives concept is neutral as to device ownership. Documents forming a natural part of the company's operations qualify as business archives regardless of who owns the storage medium. Where relevant business communications exist only on a privately owned device, that content may fall within the company's archives. The majority found the interference with Article 8 European Convention on Human Rights ("ECHR") justified, pointing to two procedural safeguards: private content must be shielded before any inspector reviews the material, and the affected person has the right to be present and to appeal. 

The dissenting judge held that the legislature had not addressed private phones in ordinary audits without suspicion of wrongdoing, and that where several audit measures are available, privacy considerations must carry decisive weight.

The ruling required a concrete, case-by-case assessment. The Committee addressed only the general legal question, not its factual application.

Oslo District Court, 28 May 2026, case no. 26-053822TVI-TOSL/08
Less than six weeks after HR-2026-853-U, Oslo District Court applied the ruling to four seizure decisions from an unannounced September 2025 audit of the Norwegian AI Technology AS group. Tax authorities had copied the phones of four individuals with leading positions in the group companies. The Tax Directorate upheld all four decisions.

The court declared all four decisions invalid for lack of legal basis and prohibited the authorities from reviewing the copied material.

The court held that general work use of a phone is not a sufficient basis for seizure. Tax authorities must have concrete, objective grounds to conclude that the specific phone contains business information not accessible elsewhere. Treating general phone use as sufficient would convert Section 10-4 into a blank power of attorney to access any manager's phone.

In each case, the court found that the required standard was not met. The board member's phone was seized when inspectors, on arrival, instructed all present to hand over the company's archives. That was not an objective basis. For the managing directors, emails were already accessible via servers or cloud services. One individual had designated one of two phones exclusively for private use. The court held that deliberate separation of private and business information across devices must be respected.

The judgment is subject to appeal.

Conclusion

HR-2026-853-U established that Section 10-4 can in principle authorise copying a private phone. The threshold is demanding, as illustrated by the cases before the Oslo district court.

The cases carry practical implications. Managing directors and board chairmen are most exposed, but the rulings affect anyone whose phone is used for any work purpose.

The latest ruling illustrates that companies can take certain cautionary measures to ensure that controls do not impose on the rights of the employees. These include keeping separate devices for work and personal communication and ensuring that company emails and documents are accessible via company servers or cloud services. Where the relevant information is already available elsewhere, the case for seizing a personal phone is weak.

General

Evidence seizure is a coercive mechanism under Chapter 45 of the Tax Procedures Act (2011:1244) enabling the Swedish Tax Agency to search for and seize documents required for a tax audit where the taxpayer is found uncooperative or where there is a palpable risk of deliberate concealment. As such, it requires a statutory basis under Chapter 2, sections 6 and 20 of the Instrument of Government (1974:152) and must comply with Article 8 ECHR. Decisions are made by an administrative court on application by the Tax Agency and are subject to an overriding proportionality requirement.

Business premises and private devices

The term "document" is defined broadly to cover written or pictorial representations and recordings perceivable only with technical equipment, encompassing electronic documents, digital images, and audio recordings alongside paper records. According to the Tax Agency's guidance, that the concept of seizable spaces extends to installations for the automatic processing and storage of data, whether portable or not, meaning that computers, mobile phones, tablets, and separate memory units can all fall within the scope of a valid seizure decision.

Evidence seizure directed at a private dwelling requires strict restraint under Article 8 ECHR, meaning that searches of residential premises are only authorised after searches of other spaces have proved fruitless. Where business premises are located within a dwelling, the decision covers the business part only. These principles apply equally to a private mobile phone used partly for business purposes: seizure is only warranted where the device can be assumed to have been used in the audited activity, and the proportionality of the intrusion must be weighed against the gravity of the control interest.

Excluded information 

Even where seizure is lawful, the Tax Agency may not examine documents outside the audit's scope or documents subject to the seizure prohibition, covering, among other things, legally privileged communications. The taxpayer may request exclusion at any time; disputes are resolved by the administrative court.

The Tax Agency's guidance further addresses seizure directed at third parties, such as banks, insurance companies, or telecommunications operators, governed by confidentiality regimes outside the Tax Agency's own framework. Documents with a significant protection interest must be excluded where that interest outweighs the control purpose, providing a practical safeguard against inadvertent capture of private banking data or subscriber information when a device or account is seized.

Cloud services

In HFD 2021 ref. 23, the Supreme Administrative Court held that the evidence seizure provisions cover documents in physical spaces, including electronic documents on devices at known locations that can be specified in the decision. Documents stored in cloud services at an unlocalisable physical storage location fall outside this framework. The decision confirmed the strict legality principle: coercive measures affecting constitutional rights cannot be extended by analogy.

Extending the reach

A legislative proposal published in February 2026 (prop. 2025/26:107) and approved in March 2026, directly addresses the perceived gap exposed by HFD 2021 ref. 23. From 1 July 2026, the prohibition on inspections via telecommunications networks is removed, and a new measure - remote evidence seizure - enters into force.

Remote evidence seizure allows the Tax Agency to search for and copy documents in a readable information system, covering computers, mobile phones, tablets, cloud storage accounts, and e-mail platforms, without specifying their physical storage location. It may be ordered where the taxpayer has not complied with a production order or where there is a palpable risk of sabotage. Where necessary to execute such a decision, the Agency may also search for and seize technical aids, expressly including mobile phones, from the person under audit or their representative. Access to information systems may only be obtained through authentication using available credentials; exploiting security vulnerabilities or circumventing system protections is expressly prohibited.

The Swedish Bar Association has criticised the reform as insufficiently reasoned, arguing that the proposal does not provide an adequate basis for assessing whether the expected enforcement gains are proportionate to the restrictions imposed on legal certainty and personal integrity.

Conclusion

The Tax Agency's evidence seizure powers have always extended to digital media and mobile phones physically present at known locations. The changes effective 1 July 2026 broaden this to include remotely hosted data and the seizure of technical aids. Private mobile phones sit at the intersection of all these considerations, and the extent to which business and personal data can be meaningfully separated in practice remains the most sensitive - and unresolved - aspect of the new framework.

The Norwegian Supreme Court's ruling naturally raises the question of what access the Danish Tax Administration has to the contents of private mobile phones during an administrative tax audit. The short answer is that Danish law is significantly more restrictive.

Legal basis for exercising an inspection

The Danish Tax Administration's powers of inspection derive primarily from section 54 of the Tax Control Act (Da. Skattekontrolloven) and section 56 of the Tax Reporting Act (Da. Skatteindberetningsloven), which grant access to the business operator's premises and workplaces, as well as the right to examine accounting records and other relevant documents, including those held in electronic form. However, the provisions are tied to "the business operator/person liable to report" and their "accounting records etc." and "the basis for the information to be reported", and do not grant a general right of access to the private devices of individuals.

Disclosure is not the same as mirroring

There is an ongoing debate in Denmark regarding the Danish Tax Administration's access to data mirroring of, amongst other things, hard drives. As an example, a bill to grant the Tax Administration the legal authority to carry out full mirroring of hard drives was previously withdrawn, because such access was considered likely to give the Danish Tax Administration access to large quantities of irrelevant and purely private information, and thereby potentially conflict with Article 8 ECHR, principles of data protection and administrative law. This was including section 32 of the Public Administration Act (Da. Forvaltningsloven), which explicitly states that public authorities must not obtain confidential information that is not relevant to the performance of their duties.

Where an audit extends to the investigation of criminal offences, the requirements are even stricter. Section 10 of the Act on Legal Certainty in the Administration's Use of Coercive Measures and Disclosure Obligations (Da. Retssikkerhedsloven) provides that disclosure obligations cannot be imposed on a person who is specifically suspected of an offence. Access to private devices in such cases will require a search warrant under section 793 of the Administration of Justice Act (Da. Retsplejeloven), with all the safeguards applicable to criminal proceedings.

Summary

There are no Danish statutory provisions that expressly grant the Danish Tax Administration the right to copy and examine a private mobile phone as part of a routine administrative tax audit in the absence of suspicion of a criminal offence. Nor is there any case law to support that the Tax Administration should hold such a right. Whereas the Norwegian Supreme Court has accepted that the tax authorities may, under certain conditions and with procedural safeguards, carry out such copying, the Danish approach is rather more cautious. This was clearly illustrated by the withdrawal of the data mirroring bill.