Bundesverfassungsgericht

You are here:

Data retention unconstitutional in its present form

Press release No. 11/2010 of 02 March 2010

Judgment of 02 March 2010
1 BvR 256/08, 1 BvR 263/08, 1 BvR 586/08

The constitutional complaints challenge §§ 113a, 113b of the Telecommunications Act (Telekommunikationsgesetz - TKG) and § 100g of the Code of Criminal Procedure (Strafprozessordnung - StPO) to the extent that the latter permits the collection of data stored pursuant to § 113a TKG. The provisions were introduced by the Act for the Amendment of Telecommunications Surveillance (Gesetz zur Neuregelung der Telekommunikationsüberwachung) of 21 December 2007.

§ 113a TKG provides that the providers of publicly accessible telecommunications services have a duty to store virtually all traffic data of telephone services (fixed network, mobile communications, fax, SMS, MMS), email services and Internet services without occasion, by way of precaution. The duty of storage essentially extends to all information that is necessary in order to reconstruct who communicated or attempted to communicate when, how long, to whom, and from where. In contrast, the contents of the communication, and consequently the details of what Internet pages are visited by users, are not to be stored. At the end of the six months in which the duty of storage exists, the data are to be deleted within one month.

§ 113b TKG governs the possible purposes for which these data may be used. This provision is a linking provision: it does not itself contain an authorisation of data retrieval, but merely broadly designates intended uses that are possible in general; these are to be put in concrete terms by provisions of specific branches of law passed by the Federal Government and the Länder (states). In sentence 1, half-sentence 1, the possible purposes of the direct use of the data are listed: the prosecution of criminal offences, the warding off of substantial dangers to public security and the performance of intelligence tasks. Half-sentence 2 permits in addition the indirect use of the data for information under § 113.1 TKG in the form of a claim to information from the service providers in order to identify IP addresses. This provides that if authorities already know an IP address - for example from a criminal complaint or from their own investigations - they may demand information as to the user to whom this address was allocated. The legislature permits this for the purposes of the prosecution of criminal offences and regulatory offences and the warding off of danger independently of more specific definitions; in this connection, there is neither a requirement of judicial authority nor a duty of notification.

§ 100g StPO putting § 113b sentence 1 half-sentence 1 no. 1 TKG into specific terms governs the direct use for criminal prosecution of the data stored by way of precaution. But taken as a whole, the provision is broader and governs all access to telecommunication traffic data whatsoever. It therefore permits - and originally only permitted - access to connection data that are stored by the service providers for other reasons (for example in order to carry out business transactions). The legislature has decided not to differentiate in this respect between the use of the data stored by way of precaution under § 113a TKG and other traffic data. It permits even the retained data to be used independently of an exhaustive list of criminal offences of substantial weight, and in addition to this - pursuant to an examination of proportionality based on the individual case - also to be used generally to prosecute criminal offences that are committed by the means of telecommunications. There must be a prior judge's decision, and the Code of Criminal Procedure also provides for duties of notification and subsequent judicial relief in this connection.

The challenged provisions implement Directive 2006/24/EC of the European Parliament and the Council on the retention of data of the year 2006. This Directive provides that the providers of telecommunications services must be put under an obligation to store the data described in § 113a of the Telecommunications Act for a minimum of six months and a maximum of two years and to keep them available for the prosecution of serious criminal offences. The Directive contains no more detailed provision on the use of the data; the data protection measures are also largely left to the Member States.

Under the temporary injunctions of the First Senate of the Federal Constitutional Court (Press Releases nos. 37/2008 of 19 March 2008 and 92/2008 of 6 November 2008), the data stored under § 113a TKG were initially permitted to be communicated by the telecommunications service providers to the requesting authority, for the purpose of criminal prosecution under § 113b sentence 1 no. 1 TKG, only subject to the provisos contained in the temporary injunction;, to ward off danger (§ 113b sentence 1 no. 2 TKG), the data stored under § 113a TKG were permitted to be communicated to the requesting authority only subject to restrictive conditions.

The complainants are of the opinion that data retention above all infringes the secrecy of telecommunications and the right to informational self-determination. They regard the storage of all telecommunications connections without occasion as disproportionate. They assert in particular that the stored data could be used to create personality profiles and track people's movements. One complainant, who offers an Internet anonymisation service, submits that the costs of the data storage disproportionately disadvantage the freedom of occupation of telecommunications service providers.

The First Senate of the Federal Constitutional Court held that the provisions of the TKG and of the StPO on data retention are not compatible with Article 10.1 of the Basic Law (Grundgesetz - GG). Admittedly, a duty of storage to the extent provided is not automatically unconstitutional at the outset. However, it is not structured in a manner adapted to the principle of proportionality. The challenged provisions guarantee neither adequate data security nor an adequate restriction of the purposes of use of the data. Nor do they in every respect satisfy the constitutional requirements of transparency and legal protection. The provision is therefore as a whole unconstitutional and void.

The decision is essentially based on the following considerations:

Admissibility:

The constitutional complaints are not inadmissible where the challenged provisions were promulgated in implementation of Directive 2006/24/EC. The complainants seek a referral by the Federal Constitutional Court to the European Court of Justice, in order that the latter may make a preliminary ruling under Article 267 of the Treaty on the Functioning of the European Union (formerly Article 234 of the Treaty Establishing the European Economic Community) declaring the Directive void and thus opening the way for a review of the challenged provisions by the standard of German fundamental rights, the complainants having been unable to assert this before the non-constitutional courts because their constitutional complaints directly challenged the implementing Act. In this way, at all events, a review of the challenged provisions by the standard of the fundamental rights of the Basic Law as sought by the complainants is not excluded at the outset.

Whether the complaint is well-founded:

1. No proceedings for a preliminary ruling before the European Court of Justice

A referral to the European Court of Justice is out of the question, since a potential priority of Community law is not relevant. The validity of Directive 2006/24/EC and a priority of Community law over German fundamental rights which might possibly result from this are not relevant to the decision. The contents of the Directive give the Federal Republic of Germany a broad discretion. Its provisions are essentially limited to the duty of storage and its extent, and do not govern access to the data or the use of the data by the Member States' authorities. With these contents, the Directive can be implemented in German law without violating the fundamental rights of the Basic Law. The Basic Law does not prohibit such storage in all circumstances.

2. Area of protection of Article 10.1 GG

The challenged provisions even with respect to the storage of Internet access data and the authorisation to give information under § 113b sentence 1 half-sentence 2 TKG - encroach on the area of protection of Article 10.1 GG (secrecy of telecommunications). The fact that the storage is effected by private service providers does not prevent this, since the service providers are merely used by the state authorities as helpers to carry out their duties.

3. Possibility of storage of telecommunications traffic data without occasion

Storage of telecommunications traffic data without occasion for six months for strictly limited uses in the course of prosecution, the warding off of danger and intelligence service duties, as is provided by §§ 113a, 113b TKG, is not in itself incompatible with Article 10 of the Basic Law. If legislation is drafted in a way that takes sufficient account of the encroachment contained in this, storage of telecommunications traffic data without occasion is not as such automatically subject to the strict prohibition of data retention within the meaning of the case-law of the Federal Constitutional Court. If storage is integrated into a legislative structure which is appropriate to the encroachment, it is capable of satisfying the proportionality requirements.

Admittedly, such storage constitutes a particularly serious encroachment with an effect broader that anything in the legal system to date. Even though the storage does not extend to the contents of the communications, these data may be used to draw content-related conclusions that extend into the users' private sphere. In combination, the recipients, dates, time and place of telephone conversations, if they are observed over a long period of time, permit detailed information to be obtained on social or political affiliations and on personal preferences, inclinations and weaknesses. Depending on the use of the telecommunication, such storage can make it possible to create meaningful personality profiles of virtually all citizens and track their movements. It also increases the risk of citizens to be exposed to further investigations without themselves having given occasion for this. In addition, the possibilities of abuse that are associated with such a collection of data aggravate its burdensome effect. In particular since the storage and use of data are not noticed, the storage of telecommunications traffic data without occasion is capable of creating a diffusely threatening feeling of being watched which can impair a free exercise of fundamental rights in many areas.

Nevertheless, such storage can under specific conditions be compatible with Article 10.1 GG. The first relevant factor is that the intended storage of the telecommunications traffic data is realised not directly by the state, but by imposing a duty on the private service providers. In this way, the data are not yet combined at the point of storage itself, but remain distributed over many individual enterprises and are not directly available to the state as a conglomerate. Nor does storage of the telecommunications traffic data for six months appear to be a measure directed towards total recording of the citizens' communications or activities as a whole. Instead, it takes up, in a limited manner, the special signification of telecommunication in the modern world and reacts to the specific potential danger associated with this. For effective criminal prosecution and warding off of danger, therefore, a reconstruction of telecommunications connections is of particular importance.

For storage of telecommunications traffic data without occasion by way of precaution to be constitutionally unobjectionable, this procedure must remain an exception to the rule. It is part of the constitutional identity of the Federal Republic of Germany that the citizens' enjoyment of freedom may not be totally recorded and registered, and the Federal Republic must endeavour to preserve this in European and international connections. Precautionary storage of telecommunications traffic data also considerably reduces the latitude for further data collections without occasion, including collections by way of European Union law.

4. Proportionality of the legislative formulation of the provision (standards)

In view of the particular weight of precautionary storage of telecommunications traffic data, such storage is compatible with Article 10.1 GG only if its formulation satisfies particular constitutional requirements. In this respect, there must be sufficiently sophisticated legislation with well-defined provisions on data security, in order to restrict the use of data, and for transparency and legal protection.

Demands of data security:

In view of the scope and the potential probative strength of the retained data gathered by such storage, data security is of great importance for the proportionality of the challenged provisions. There is a need for legislation which provides for a particularly high degree of security, whose essential provisions are at all events well-defined and legally binding. In this connection the legislature is free to entrust a regulatory agency with the technicalities of putting the prescribed standard into concrete terms. In this process, however, the legislature must ensure that the decision as to the nature and degree of the protective precautions to be taken does not ultimately lie without supervision in the hands of the respective telecommunications providers.

Requirements of the direct use of data:

In view of the importance of data storage, a use of the data comes into consideration only for paramount tasks of the protection of legal interests.

From this it follows for the prosecution of crimes that if the data are to be retrieved, there must at least be the suspicion of a criminal offence, based on specific facts, that is serious even in an individual case. Together with the obligation to store data, the legislature must provide an exhaustive list of the criminal offences that are to apply here.

For warding off danger, it follows from the principle of proportionality that a retrieval of the telecommunications traffic data stored by way of precaution may only be permitted if there is a sufficiently evidenced concrete danger to the life, limb or freedom of a person, to the existence or the security of the Federal Government or of a Land (state) or to ward off a common danger. These requirements apply in the same way to the use of the data by the intelligence services, since this is also a form of prevention of danger. This means, admittedly, that in many cases the intelligence services will probably not be able to use the data. However, this results from the nature of their tasks in advance intelligence and does not create a constitutionally acceptable occasion to relax the requirements for an encroachment of this kind that arises from the principle of proportionality.

As a product of the principle of proportionality, it is also constitutionally required that there should be a fundamental prohibition of transmission of data, at least for a narrowly defined group of telecommunications connections which rely on particular confidentiality. These might include, for example, connections to persons, authorities and organisations in the social or ecclesiastical fields which offer advice in situations of emotional or social need, completely or predominantly by telephone, to callers who normally remain anonymous, where these organisations themselves or their staff are subject to other obligations of confidentiality in this respect.

Requirements of the transparency of data transmission:

The legislature must pass effective transparency provisions in order to counteract the diffuse sense of threat which may be conveyed to citizens by the storage and use of data which in itself is not perceptible. These include the principle that the collection and use of personal data should be open. The data may be constitutionally used without the knowledge of the person affected only if otherwise the purpose of the investigation served by the retrieval of data would be frustrated. The legislature may in principle assume that this is the case for warding off danger and carrying out the duties of the intelligence services. In contrast, in criminal prosecution there is also the possibility that data may be collected and used openly. There may only be a provision for secret use of the data here if such use is necessary and is ordered by a judge in the individual case. Insofar as the use of the data is secret, the legislature must provide for a duty of information, at least subsequently. This must guarantee that the persons to whom a request for data retrieval directly applied are in principle informed, at least subsequently. Exceptions to this require judicial supervision.

Requirements of legal protection and on sanctions:

Transmission and use of the stored data must in principle be subjected to judicial authority. Where persons affected had no opportunity before the measure was carried out to defend themselves against the use of their telecommunications traffic data, they must be given the possibility of subsequent judicial control.

A legislative formulation that is not disproportionate also requires effective sanctions for violations of rights. If even serious breaches of the secrecy of telecommunications were ultimately to remain without sanction, with the result that the protection of the right of personality atrophied in view of the immaterial nature of this right, this would contradict the duty of the state to enable individuals to develop their personality and to protect them against third-party threats to the right of personality. However, in this connection the legislature has a wide legislative discretion. In this respect it may also take account of the fact that in the case of serious violations of the right of personality, the current law may already provide for prohibitions of use on the basis of a weighing of interests, and for liability for intangible damage, and it may therefore initially consider whether applicable law possibly takes sufficient account of the particular severity of the violation of personality which the unjustified acquisition or use of the data in question here usually constitutes.

Requirements of the indirect use of the data to identify IP addresses:

Less stringent constitutional standards apply to a use of the data stored by way of precaution which is only indirect, in the form of official rights to information from the service providers with regard to the owners of particular IP addresses which are already known. In this process, it is important on the one hand that the authorities do not themselves acquire any knowledge of the data to be stored by way of precaution. In connection with such rights of information, the authorities do not themselves retrieve the data that have been stored by way of precaution without occasion, but are merely given personal information on the owner of a particular connection, who is determined by the service providers by recourse to these data. It is not possible to carry out systematic investigation over a long period of time or to prepare personality profiles and track people's movements on the basis of such information alone. It is also crucial that for such information only a small section of the data, which is determined in advance, is used; the storage of these particular data is not a serious encroachment in itself and it could therefore be ordered subject to far less strict requirements.

However, creating official rights to information in order to identify IP addresses is also of substantial importance. In doing this, the legislature influences the conditions of communication in the Internet and limits its anonymity. On this basis, in conjunction with the systematic storage of Internet access data for previously established IP addresses, it is possible to a great extent to establish the identity of Internet users.

Within the legislative discretion it has in this connection, the legislature may also allow such information to be given, even independently of the limits imposed by specific offences or by lists of legal interests, for the prosecution of criminal offences, for the warding off of danger and for the performance of duties of the intelligence services on the basis of general authorisations to encroach provided by specific branches of law. Admittedly, with regard to the threshold of interference, it must be ensured that information is not obtained at random, but only on the basis of a sufficient initial suspicion or of a concrete danger on the basis of facts relating to the individual case. For information of this kind, it is not necessary to provide for a requirement of judicial authority; however, the persons affected must be informed when such information is obtained. Such information may also not be admitted in general and without restriction in order to prosecute or prevent any regulatory offence whatsoever. For anonymity in the Internet to be lifted, there must at least be an adverse effect on a legal interest, and the legal system must accord particular significance to this adverse effect in other contexts too. This does not completely exclude such information to be given to prosecute or prevent regulatory offences. But they must be regulatory offences that are particularly serious - even in an individual case - and they must be expressly named by the legislature.

Responsibility for drafting the provisions:

The constitutionally required guarantee of data security and of a limitation of the use of the data in well-defined provisions that satisfy the requirements of proportionality is an inseparable element of an order imposing a duty of storage and is therefore the duty of the Federal legislature, under Article 73.1 no. 7 GG. These include not only the provisions on the security of the stored data but also the provisions on the security of the transmission of the data, and the guarantee that confidential relations are protected when this is done. In addition, the Federal legislature must also ensure that there is a sufficiently precise limitation of the purposes of data use served by the storage which satisfies constitutional requirements. In contrast, the responsibility for creating the retrieval provisions themselves and for drafting the provisions on transparency and legal protection is governed by the fields of expertise of those involved. In the area of warding off danger and of the duties of the intelligence services, the responsibility is thus largely with the Länder.

5. The individual provisions (application of the standards)

The challenged provisions do not satisfy these requirements. § 113a TKG is not unconstitutional simply because the scope of the duty of storage might be disproportionate from the outset. But the provisions on data security, on the purposes and the transparency of the use of data and on legal protection do not satisfy the constitutional requirements. In consequence, the whole legislation lacks a structure complying with the principle of proportionality. §§ 113a, 113b TKG and § 100g StPO, insofar as the latter permits the retrieval of the data to be stored under § 113a TKG, are therefore incompatible with Article 10.1 GG.

Data security:

Even the necessary guarantee of a particularly high standard of data security is missing. The Act essentially refers only to the care generally needed in the field of telecommunications (§ 113a.10 TKG) and in doing so qualifies the security requirements in a way that remains undefined by introducing general considerations of economic adequacy in the individual case (§ 109. 2 sentence 4 TKG). Here, putting the measures in more specific terms is left to the individual telecommunications service providers, which in turn have to offer the services subject to the conditions of competition and cost pressure. In this respect, the persons with a duty of storage are neither required in a manner that can be enforced to use the instruments suggested by the experts in the present proceedings to guarantee data security (separate storage, asymmetric encryption, the four-eyes principle in conjunction with advanced authentication procedures for access to the keys, audit-proof recording of access and deletion), nor is a comparable level of security otherwise guaranteed. Nor is there a balanced system of sanctions that attributes no less weight to violations of data security than to violations of the duties of storage themselves.

Direct use of the data for criminal prosecution:

The provisions on the use of the data for criminal prosecution are also incompatible with the standards developed from the principle of proportionality. § 100g.1 sentence 1 no. 1 StPO does not ensure that in general and also in the individual case only serious criminal offences may be the occasion for collecting the relevant data, but - independently of an exhaustive list - merely generally accepts criminal offences of substantial weight as sufficient. § 100g.1 sentence 1 no. 2, sentence 2 StPO satisfies the constitutional standards even less, in that it accepts every criminal offence committed by means of telecommunications, regardless of its seriousness, as the possible trigger for data retrieval, depending on a general assessment in the course of a review of proportionality. This provision makes the data stored under § 113a TKG usable with regard to virtually all criminal offences. As a result, in view of the increasing importance of telecommunications in everyday life, the use of these data loses its exceptional character. Here, the legislature no longer confines itself to the use of data to prosecute serious criminal offences, but goes far beyond this, and thus far beyond the objective of data storage specified by EU law.

Nor does § 100g StPO comply with the constitutional requirements, in that it permits data retrieval not merely for individual cases to be sustained by a judge, but as a general rule even without the knowledge of the person affected (§ 100g.1 sentence 1 StPO).

In contrast, the judicial control of data retrieval and data use and the provisions for the duties of notification are essentially guaranteed in a manner that satisfies the constitutional requirements. Under § 100g.2 sentence 1, § 100b.1 sentence 1 StPO, the collection of the data stored under § 113a TKG requires a judicial order. In addition, under § 101 StPO there are differentiated duties of notification and the possibility subsequently to arrange a judicial review of the lawfulness of the measure. It is not apparent that these provisions do not, as a whole, guarantee effective legal protection. However, the lack of judicial monitoring of a failure to inform under § 101.4 StPO is constitutionally objectionable.

Direct use of the data to ward off danger and for the tasks of the intelligence services:

The very structure of § 113b sentence 1 nos. 2 and 3 TKG does not satisfy the requirements of sufficient limitation of the purposes of use. In this provision, the Federal legislature contents itself with sketching in a merely general manner the fields of duty for which data retrieval in accordance with later legislation, in particular legislation of the Länder, is to be possible. In this way it does not satisfy its responsibility for the constitutionally required limitation of the purposes of use. Instead, by giving the service providers a duty of precautionary storage of all telecommunications traffic data, at the same time combined with the release of these data to be used by the police and the intelligence services as part of virtually all their tasks, the Federal legislature creates a data pool open to manifold and unlimited uses to which - restricted only by broad objectives - recourse may be had, in each case on the basis of decisions of the Federal and Länder legislatures. The supply of such a data pool with an open purpose removes the necessary connection between storage and purpose of storage and is incompatible with the constitution.

The formulation of the use of the data stored under § 113a TKG is also disproportionate in that no protection of confidential relations is provided for the transmission. At least for a narrowly defined group of telecommunications connections which rely on particular confidentiality, such a protection is fundamentally required.

Indirect use of the data for information of the service providers:

§ 113b sentence 1 half-sentence 2 TKG also does not satisfy the constitutional requirements in every respect. Admittedly there are no objections to the fact that this provision permits information independently of a list of criminal offences or legal interests. However, it is not compatible with the constitution that such information is also made possible for the general prosecution of regulatory offences, without further limitation. In addition, there are no duties of notification following the provision of such information.

6. Compatibility with Article 12 GG

In contrast, the challenged provisions do not give rise to any constitutional objections with regard to Article 12.1 GG, to the extent that a decision has to be made in these proceedings in this respect. The imposition of a duty of storage is not typically excessively burdensome for the service providers affected. In particular, the duty of storage is not disproportionate with regard to the financial burdens incurred by the enterprises as a result of the duty of storage under § 113a TKG and the duties consequential on this, such as the guarantee of data security. Within its discretion, which is broad in this connection, the legislature is not restricted to engaging private persons only if their occupation can directly cause dangers or they have direct liability for these dangers. Instead, it is sufficient in this connection if there is a close relationship in terms of subject-matter and in terms of responsibility between the person's occupation and the duty imposed. There are therefore no fundamental objections to the cost burdens incurred by the persons with a duty of storage. In this way, the legislature shifts the costs associated with the storage as a whole onto the market, corresponding to the privatisation of the telecommunications sector. Just as the telecommunications enterprises can use the new opportunities of telecommunications technology to make profits, they must also assume the costs of containing the new security risks that are associated with telecommunications and must include them in their prices.

7. Voidness of the challenged provisions

The violation of the fundamental right to protection of the secrecy of telecommunications under Article 10.1 GG makes §§ 113a and 113b TKG void, as it does § 100g.1 sentence 1 StPO insofar as traffic data under § 113a TKG may be collected under this provision. The challenged norms are therefore to be declared void, their violation of fundamental rights having been established (see § 95.1 sentence 1 and § 95.3 sentence 1 of the Federal Constitutional Court Act (Bundesverfassungsgerichtsgesetz).

The decision was unanimous as regards its result with regard to the questions of EU law, of formal constitutionality and of the fundamental compatibility of precautionary storage of telecommunications traffic data with the constitution. With regard to the assessment of §§ 113a and 113b TKG as unconstitutional, it was passed by seven votes to one as regards its result, and with regard to further questions of substantive law it was passed by six votes to two, to the extent shown in the dissenting opinions.

The Senate decided by four votes to four that the provisions are to be declared void under § 95.3 sentence 1 of the Federal Constitutional Court Act, and not merely incompatible with the Basic Law. Accordingly, it is not possible for the provisions to continue in effect in a restricted scope; instead, the statutory consequence is an annulment.

Dissenting opinion of Judge Schluckebier:

1. The storage of the traffic data by the service providers for a period of six months is not an encroachment on the fundamental right of Article 10.1 GG of such weight that it could be classified as "particularly serious" and thus equivalent to a direct encroachment by the state on the contents of communications. The traffic data remain in the sphere of the private service providers on whose servers, for technical reasons, they are recorded and of whom the individual telecommunications user can expect by reason of their contractual relationship that the data are treated with strict confidence in the providers' sphere and protected. If state of the art data security is guaranteed, there is therefore also no objectifiable basis for the assumption that the citizen could feel intimidated as a result of the storage. The storage does not extend to the contents of the telecommunications. When the encroachment is weighed, therefore, a perceptible distance must be observed to particularly serious encroachments such as those that occur in the acoustic surveillance of living quarters, in monitoring of the contents of telecommunications or in what is known as online search of IT systems by the direct access of state bodies; in the case of these, there is a particular risk that the core area of private life, which enjoys absolute protection, is affected. Here, a particularly invasive encroachment is not the mere storage of the traffic data by the service provider, but the actual retrieval and the use of the traffic data by state agencies in the individual case on the legal bases that permit this; this, and also a judge's order for traffic data to be collected, are in turn subject to the strict requirements of proportionality.

2. The challenged provisions are fundamentally not inappropriate, and they are reasonable for the persons affected and thus proportionate in the narrow sense. In legislating for the duty to store telecommunications traffic data for a period of six months, for a provision as to the purpose of use and a criminal-procedure provision for collection of data, the legislature has remained within the legislative limits accorded to it constitutionally. The state's duty to protect its citizens includes the duty to take suitable measures in order to prevent injury to legal interests or to investigate such injury and to attribute responsibility for injuries to legal interests. In this sense, guaranteeing the protection of citizens and of their fundamental rights and the foundations of the community, and the prevention and investigation of serious criminal offences, are all among the requirements for peaceful coexistence and the citizens' untroubled enjoyment of their fundamental rights. The effective investigation of crimes and effective warding off of danger are therefore not in themselves a threat to the freedom of citizens.

In the conflicting relationship between the state's duty to protect legal interests and the individuals' interest in the safeguarding of their rights guaranteed by the constitution, it is the initial task of the legislature to proceed in an abstract manner and achieve a balance between the conflicting interests. In doing this, it has latitude for assessment and drafting. In this connection it was the goal of the legislature to take account of the irrefutable needs of an effective, constitutional administration of criminal justice in view of a fundamental change in the possibilities of communication and of the communicative behaviour of people in recent years. This goal cannot be achieved unless the facts necessary for the investigation can be ascertained. In this connection, the legislature assumed that telecommunications traffic data above all, because of the technical development towards more flat-rate connections, either are not stored at all or are deleted before a judge's order for the issuing of information can be obtained, or even before the information necessary for an application for such an order has been obtained. The majority of the Senate, in the review as to whether the storage of traffic data is suitable and necessary, does take into account that virtually all areas of life have been invaded by electronic or digital means of communication and therefore in certain areas this hinders the prosecution of criminal offences and also the warding off of danger; but in the review of proportionality in the narrow sense it does not attach sufficient weight to them in under the aspect of appropriateness and reasonableness.

In this way, the majority of the Senate virtually completely restricts the legislature's latitude for assessment and drafting, which would permit it to pass appropriate and reasonable provisions in the field of the investigation of crimes and the warding off of danger for the protection of the population. In this way it also fails to take sufficient account of the requirement of judicial self-restraint with regard to conceptual decisions of the democratically legitimated legislature. The judgment finds that a storage duration of six months - that is, the minimum period called for by the EC Directive - is at the upper limit and at best capable of being constitutionally justified, dictates to the legislature the technical rule that the provision on the purpose of use must at the same time contain the requirements for access, restricts the legislature to reliance on a list of offences in criminal law, excludes the possibility of using the traffic data even to solve criminal offences that are difficult to investigate and were committed by use of the means of telecommunication, and extends the duties of notification in a specific manner. Following this, the legislature no longer has an appreciable discretion to legislate on its own political responsibility.

In particular, the Senate refuses the legislature the right to retrieve the traffic data stored under § 113a TKG to investigate criminal offences that are not contained in the present list of § 100a.2 StPO but that are of considerable importance in the individual case, and offences that are committed by means of telecommunications (§ 100g.1 sentence 1 nos. 1 and 2 StPO). With regard to the last-named offences, insufficient weight is given to the fact that the legislature in these cases has substantial difficulties in investigation. Since it is the duty of the legislature to guarantee effective criminal prosecution and not to permit any substantial gaps in protection, the legislature may not be prevented from also giving access to the traffic data in the case of offences that may not be particularly serious but that injure important legal interests, because in its estimation this is the only way to prevent de facto legal vacuums and a situation where investigation is largely ineffective. In addition, when the legislature drafted the provisions on authorisation for access in criminal procedure, it was guided by criteria which the Senate approved in its judgment of 12 March 2003 (Decisions of the Federal _Constitutional Court (Entscheidungen des Bundesverfassungsgerichts - BVerfGE) 107, 299 (322)) on the release of connection data for telecommunications.

3. In the pronouncement on legal consequences, on the basis of the constitutional assessment of the majority of the Senate, having recourse to established case-law of the Federal Constitutional Court, consideration might well have been given to fixing a time limit for the legislature to pass new legislation and holding that the existing provisions could provisionally continue in effect in conformity with the stipulations of the temporary injunctions granted by the Senate, in order to avoid considerable shortcomings, in particular in the investigation of criminal offences, but also in warding off danger.

Dissenting opinion of Judge Eichberger:

The dissenting opinion essentially follows the criticism of Judge Schluckebier in the assessment of the intensity of the encroachment of storage of telecommunications traffic data as a violation of Article 10.1 GG. The legislative drafting on which §§ 113a, 113b TKG are based, creating a sliding scale of legislative responsibility for the order of storage on the one hand and the retrieval of data on the other hand, is fundamentally in conformity with the constitution. This applies in particular to the use of the data stored under § 113a TKG, which is governed by § 100g StPO, for purposes of criminal prosecution. The legislature is not obliged to measure the proportionality of the provisions on retrieval solely by the greatest possible encroachment of a comprehensive form of data retrieval which ultimately aims to create a social profile of the citizen affected or to track his or her movements; instead, it may take account of the fact that many instances of data retrieval have far less weight, and the competent judge must decide in the individual case on their reasonableness.