Federal Constitutional Court - Press office -
Press release no. 11/2010 of 2 March 2010
Judgment of 2 March 2010
– 1 BvR 256/08, 1 BvR 263/08, 1 BvR 586/08 –
Data retention unconstitutional in its present form
The constitutional complaints challenge §§ 113a, 113b of the
Telecommunications Act (Telekommunikationsgesetz – TKG) and § 100g of
the Code of Criminal Procedure (Strafprozessordnung – StPO) to the
extent that the latter permits the collection of data stored pursuant to
§ 113a TKG. The provisions were introduced by the Act for the Amendment
of Telecommunications Surveillance (Gesetz zur Neuregelung der
Telekommunikationsüberwachung) of 21 December 2007.
§ 113a TKG provides that the providers of publicly accessible
telecommunications services have a duty to store virtually all traffic
data of telephone services (fixed network, mobile communications, fax,
SMS, MMS), email services and Internet services without occasion, by way
of precaution. The duty of storage essentially extends to all
information that is necessary in order to reconstruct who communicated
or attempted to communicate when, how long, to whom, and from where. In
contrast, the contents of the communication, and consequently the
details of what Internet pages are visited by users, are not to be
stored. At the end of the six months in which the duty of storage
exists, the data are to be deleted within one month.
§ 113b TKG governs the possible purposes for which these data may be
used. This provision is a linking provision: it does not itself contain
an authorisation of data retrieval, but merely broadly designates
intended uses that are possible in general; these are to be put in
concrete terms by provisions of specific branches of law passed by the
Federal Government and the Länder (states). In sentence 1, half-sentence
1, the possible purposes of the direct use of the data are listed: the
prosecution of criminal offences, the warding off of substantial dangers
to public security and the performance of intelligence tasks.
Half-sentence 2 permits in addition the indirect use of the data for
information under § 113.1 TKG in the form of a claim to information from
the service providers in order to identify IP addresses. This provides
that if authorities already know an IP address – for example from a
criminal complaint or from their own investigations – they may demand
information as to the user to whom this address was allocated. The
legislature permits this for the purposes of the prosecution of criminal
offences and regulatory offences and the warding off of danger
independently of more specific definitions; in this connection, there is
neither a requirement of judicial authority nor a duty of notification.
§ 100g StPO putting § 113b sentence 1 half-sentence 1 no. 1 TKG into
specific terms governs the direct use for criminal prosecution of the
data stored by way of precaution. But taken as a whole, the provision is
broader and governs all access to telecommunication traffic data
whatsoever. It therefore permits – and originally only permitted –
access to connection data that are stored by the service providers for
other reasons (for example in order to carry out business transactions).
The legislature has decided not to differentiate in this respect between
the use of the data stored by way of precaution under § 113a TKG and
other traffic data. It permits even the retained data to be used
independently of an exhaustive list of criminal offences of substantial
weight, and in addition to this – pursuant to an examination of
proportionality based on the individual case – also to be used generally
to prosecute criminal offences that are committed by the means of
telecommunications. There must be a prior judge’s decision, and the Code
of Criminal Procedure also provides for duties of notification and
subsequent judicial relief in this connection.
The challenged provisions implement Directive 2006/24/EC of the European
Parliament and the Council on the retention of data of the year 2006.
This Directive provides that the providers of telecommunications
services must be put under an obligation to store the data described in
§ 113a of the Telecommunications Act for a minimum of six months and a
maximum of two years and to keep them available for the prosecution of
serious criminal offences. The Directive contains no more detailed
provision on the use of the data; the data protection measures are also
largely left to the Member States.
Under the temporary injunctions of the First Senate of the Federal
Constitutional Court (Press Releases nos. 37/2008 of 19 March 2008 and
92/2008 of 6 November 2008), the data stored under § 113a TKG were
initially permitted to be communicated by the telecommunications service
providers to the requesting authority, for the purpose of criminal
prosecution under § 113b sentence 1 no. 1 TKG, only subject to the
provisos contained in the temporary injunction;, to ward off danger (§
113b sentence 1 no. 2 TKG), the data stored under § 113a TKG were
permitted to be communicated to the requesting authority only subject to
restrictive conditions.
The complainants are of the opinion that data retention above all
infringes the secrecy of telecommunications and the right to
informational self-determination. They regard the storage of all
telecommunications connections without occasion as disproportionate.
They assert in particular that the stored data could be used to create
personality profiles and track people’s movements. One complainant, who
offers an Internet anonymisation service, submits that the costs of the
data storage disproportionately disadvantage the freedom of occupation
of telecommunications service providers.
The First Senate of the Federal Constitutional Court held that the
provisions of the TKG and of the StPO on data retention are not
compatible with Article 10.1 of the Basic Law (Grundgesetz – GG).
Admittedly, a duty of storage to the extent provided is not
automatically unconstitutional at the outset. However, it is not
structured in a manner adapted to the principle of proportionality. The
challenged provisions guarantee neither adequate data security nor an
adequate restriction of the purposes of use of the data. Nor do they in
every respect satisfy the constitutional requirements of transparency
and legal protection. The provision is therefore as a whole
unconstitutional and void.
The decision is essentially based on the following considerations:
Admissibility:
The constitutional complaints are not inadmissible where the challenged
provisions were promulgated in implementation of Directive 2006/24/EC.
The complainants seek a referral by the Federal Constitutional Court to
the European Court of Justice, in order that the latter may make a
preliminary ruling under Article 267 of the Treaty on the Functioning of
the European Union (formerly Article 234 of the Treaty Establishing the
European Economic Community) declaring the Directive void and thus
opening the way for a review of the challenged provisions by the
standard of German fundamental rights, the complainants having been
unable to assert this before the non-constitutional courts because their
constitutional complaints directly challenged the implementing Act. In
this way, at all events, a review of the challenged provisions by the
standard of the fundamental rights of the Basic Law as sought by the
complainants is not excluded at the outset.
Whether the complaint is well-founded:
1. No proceedings for a preliminary ruling before the European Court of
Justice
A referral to the European Court of Justice is out of the question,
since a potential priority of Community law is not relevant. The
validity of Directive 2006/24/EC and a priority of Community law over
German fundamental rights which might possibly result from this are not
relevant to the decision. The contents of the Directive give the Federal
Republic of Germany a broad discretion. Its provisions are essentially
limited to the duty of storage and its extent, and do not govern access
to the data or the use of the data by the Member States’ authorities.
With these contents, the Directive can be implemented in German law
without violating the fundamental rights of the Basic Law. The Basic Law
does not prohibit such storage in all circumstances.
2. Area of protection of Article 10.1 GG
The challenged provisions even with respect to the storage of Internet
access data and the authorisation to give information under § 113b
sentence 1 half-sentence 2 TKG – encroach on the area of protection of
Article 10.1 GG (secrecy of telecommunications). The fact that the
storage is effected by private service providers does not prevent this,
since the service providers are merely used by the state authorities as
helpers to carry out their duties.
3. Possibility of storage of telecommunications traffic data without
occasion
Storage of telecommunications traffic data without occasion for six
months for strictly limited uses in the course of prosecution, the
warding off of danger and intelligence service duties, as is provided by
§§ 113a, 113b TKG, is not in itself incompatible with Article 10 of the
Basic Law. If legislation is drafted in a way that takes sufficient
account of the encroachment contained in this, storage of
telecommunications traffic data without occasion is not as such
automatically subject to the strict prohibition of data retention within
the meaning of the case-law of the Federal Constitutional Court. If
storage is integrated into a legislative structure which is appropriate
to the encroachment, it is capable of satisfying the proportionality
requirements.
Admittedly, such storage constitutes a particularly serious encroachment
with an effect broader that anything in the legal system to date. Even
though the storage does not extend to the contents of the
communications, these data may be used to draw content-related
conclusions that extend into the users’ private sphere. In combination,
the recipients, dates, time and place of telephone conversations, if
they are observed over a long period of time, permit detailed
information to be obtained on social or political affiliations and on
personal preferences, inclinations and weaknesses. Depending on the use
of the telecommunication, such storage can make it possible to create
meaningful personality profiles of virtually all citizens and track
their movements. It also increases the risk of citizens to be exposed to
further investigations without themselves having given occasion for
this. In addition, the possibilities of abuse that are associated with
such a collection of data aggravate its burdensome effect. In particular
since the storage and use of data are not noticed, the storage of
telecommunications traffic data without occasion is capable of creating
a diffusely threatening feeling of being watched which can impair a free
exercise of fundamental rights in many areas.
Nevertheless, such storage can under specific conditions be compatible
with Article 10.1 GG. The first relevant factor is that the intended
storage of the telecommunications traffic data is realised not directly
by the state, but by imposing a duty on the private service providers.
In this way, the data are not yet combined at the point of storage
itself, but remain distributed over many individual enterprises and are
not directly available to the state as a conglomerate. Nor does storage
of the telecommunications traffic data for six months appear to be a
measure directed towards total recording of the citizens’ communications
or activities as a whole. Instead, it takes up, in a limited manner, the
special signification of telecommunication in the modern world and
reacts to the specific potential danger associated with this. For
effective criminal prosecution and warding off of danger, therefore, a
reconstruction of telecommunications connections is of particular
importance.
For storage of telecommunications traffic data without occasion by way
of precaution to be constitutionally unobjectionable, this procedure
must remain an exception to the rule. It is part of the constitutional
identity of the Federal Republic of Germany that the citizens’ enjoyment
of freedom may not be totally recorded and registered, and the Federal
Republic must endeavour to preserve this in European and international
connections. Precautionary storage of telecommunications traffic data
also considerably reduces the latitude for further data collections
without occasion, including collections by way of European Union law.
4. Proportionality of the legislative formulation of the provision
(standards)
In view of the particular weight of precautionary storage of
telecommunications traffic data, such storage is compatible with Article
10.1 GG only if its formulation satisfies particular constitutional
requirements. In this respect, there must be sufficiently sophisticated
legislation with well-defined provisions on data security, in order to
restrict the use of data, and for transparency and legal protection.
Demands of data security:
In view of the scope and the potential probative strength of the
retained data gathered by such storage, data security is of great
importance for the proportionality of the challenged provisions. There
is a need for legislation which provides for a particularly high degree
of security, whose essential provisions are at all events well-defined
and legally binding. In this connection the legislature is free to
entrust a regulatory agency with the technicalities of putting the
prescribed standard into concrete terms. In this process, however, the
legislature must ensure that the decision as to the nature and degree of
the protective precautions to be taken does not ultimately lie without
supervision in the hands of the respective telecommunications providers.
Requirements of the direct use of data:
In view of the importance of data storage, a use of the data comes into
consideration only for paramount tasks of the protection of legal
interests.
From this it follows for the prosecution of crimes that if the data are
to be retrieved, there must at least be the suspicion of a criminal
offence, based on specific facts, that is serious even in an individual
case. Together with the obligation to store data, the legislature must
provide an exhaustive list of the criminal offences that are to apply
here.
For warding off danger, it follows from the principle of proportionality
that a retrieval of the telecommunications traffic data stored by way of
precaution may only be permitted if there is a sufficiently evidenced
concrete danger to the life, limb or freedom of a person, to the
existence or the security of the Federal Government or of a Land (state)
or to ward off a common danger. These requirements apply in the same way
to the use of the data by the intelligence services, since this is also
a form of prevention of danger. This means, admittedly, that in many
cases the intelligence services will probably not be able to use the
data. However, this results from the nature of their tasks in advance
intelligence and does not create a constitutionally acceptable occasion
to relax the requirements for an encroachment of this kind that arises
from the principle of proportionality.
As a product of the principle of proportionality, it is also
constitutionally required that there should be a fundamental prohibition
of transmission of data, at least for a narrowly defined group of
telecommunications connections which rely on particular confidentiality.
These might include, for example, connections to persons, authorities
and organisations in the social or ecclesiastical fields which offer
advice in situations of emotional or social need, completely or
predominantly by telephone, to callers who normally remain anonymous,
where these organisations themselves or their staff are subject to other
obligations of confidentiality in this respect.
Requirements of the transparency of data transmission:
The legislature must pass effective transparency provisions in order to
counteract the diffuse sense of threat which may be conveyed to citizens
by the storage and use of data which in itself is not perceptible. These
include the principle that the collection and use of personal data
should be open. The data may be constitutionally used without the
knowledge of the person affected only if otherwise the purpose of the
investigation served by the retrieval of data would be frustrated. The
legislature may in principle assume that this is the case for warding
off danger and carrying out the duties of the intelligence services. In
contrast, in criminal prosecution there is also the possibility that
data may be collected and used openly. There may only be a provision for
secret use of the data here if such use is necessary and is ordered by a
judge in the individual case. Insofar as the use of the data is secret,
the legislature must provide for a duty of information, at least
subsequently. This must guarantee that the persons to whom a request for
data retrieval directly applied are in principle informed, at least
subsequently. Exceptions to this require judicial supervision.
Requirements of legal protection and on sanctions:
Transmission and use of the stored data must in principle be subjected
to judicial authority. Where persons affected had no opportunity before
the measure was carried out to defend themselves against the use of
their telecommunications traffic data, they must be given the
possibility of subsequent judicial control.
A legislative formulation that is not disproportionate also requires
effective sanctions for violations of rights. If even serious breaches
of the secrecy of telecommunications were ultimately to remain without
sanction, with the result that the protection of the right of
personality atrophied in view of the immaterial nature of this right,
this would contradict the duty of the state to enable individuals to
develop their personality and to protect them against third-party
threats to the right of personality. However, in this connection the
legislature has a wide legislative discretion. In this respect it may
also take account of the fact that in the case of serious violations of
the right of personality, the current law may already provide for
prohibitions of use on the basis of a weighing of interests, and for
liability for intangible damage, and it may therefore initially consider
whether applicable law possibly takes sufficient account of the
particular severity of the violation of personality which the
unjustified acquisition or use of the data in question here usually
constitutes.
Requirements of the indirect use of the data to identify IP addresses:
Less stringent constitutional standards apply to a use of the data
stored by way of precaution which is only indirect, in the form of
official rights to information from the service providers with regard to
the owners of particular IP addresses which are already known. In this
process, it is important on the one hand that the authorities do not
themselves acquire any knowledge of the data to be stored by way of
precaution. In connection with such rights of information, the
authorities do not themselves retrieve the data that have been stored by
way of precaution without occasion, but are merely given personal
information on the owner of a particular connection, who is determined
by the service providers by recourse to these data. It is not possible
to carry out systematic investigation over a long period of time or to
prepare personality profiles and track people’s movements on the basis
of such information alone. It is also crucial that for such information
only a small section of the data, which is determined in advance, is
used; the storage of these particular data is not a serious encroachment
in itself and it could therefore be ordered subject to far less strict
requirements.
However, creating official rights to information in order to identify IP
addresses is also of substantial importance. In doing this, the
legislature influences the conditions of communication in the Internet
and limits its anonymity. On this basis, in conjunction with the
systematic storage of Internet access data for previously established IP
addresses, it is possible to a great extent to establish the identity of
Internet users.
Within the legislative discretion it has in this connection, the
legislature may also allow such information to be given, even
independently of the limits imposed by specific offences or by lists of
legal interests, for the prosecution of criminal offences, for the
warding off of danger and for the performance of duties of the
intelligence services on the basis of general authorisations to encroach
provided by specific branches of law. Admittedly, with regard to the
threshold of interference, it must be ensured that information is not
obtained at random, but only on the basis of a sufficient initial
suspicion or of a concrete danger on the basis of facts relating to the
individual case. For information of this kind, it is not necessary to
provide for a requirement of judicial authority; however, the persons
affected must be informed when such information is obtained. Such
information may also not be admitted in general and without restriction
in order to prosecute or prevent any regulatory offence whatsoever. For
anonymity in the Internet to be lifted, there must at least be an
adverse effect on a legal interest, and the legal system must accord
particular significance to this adverse effect in other contexts too.
This does not completely exclude such information to be given to
prosecute or prevent regulatory offences. But they must be regulatory
offences that are particularly serious – even in an individual case –
and they must be expressly named by the legislature.
Responsibility for drafting the provisions:
The constitutionally required guarantee of data security and of a
limitation of the use of the data in well-defined provisions that
satisfy the requirements of proportionality is an inseparable element of
an order imposing a duty of storage and is therefore the duty of the
Federal legislature, under Article 73.1 no. 7 GG. These include not only
the provisions on the security of the stored data but also the
provisions on the security of the transmission of the data, and the
guarantee that confidential relations are protected when this is done.
In addition, the Federal legislature must also ensure that there is a
sufficiently precise limitation of the purposes of data use served by
the storage which satisfies constitutional requirements. In contrast,
the responsibility for creating the retrieval provisions themselves and
for drafting the provisions on transparency and legal protection is
governed by the fields of expertise of those involved. In the area of
warding off danger and of the duties of the intelligence services, the
responsibility is thus largely with the Länder.
5. The individual provisions (application of the standards)
The challenged provisions do not satisfy these requirements. § 113a TKG
is not unconstitutional simply because the scope of the duty of storage
might be disproportionate from the outset. But the provisions on data
security, on the purposes and the transparency of the use of data and on
legal protection do not satisfy the constitutional requirements. In
consequence, the whole legislation lacks a structure complying with the
principle of proportionality. §§ 113a, 113b TKG and § 100g StPO, insofar
as the latter permits the retrieval of the data to be stored under §
113a TKG, are therefore incompatible with Article 10.1 GG.
Data security:
Even the necessary guarantee of a particularly high standard of data
security is missing. The Act essentially refers only to the care
generally needed in the field of telecommunications (§ 113a.10 TKG) and
in doing so qualifies the security requirements in a way that remains
undefined by introducing general considerations of economic adequacy in
the individual case (§ 109. 2 sentence 4 TKG). Here, putting the
measures in more specific terms is left to the individual
telecommunications service providers, which in turn have to offer the
services subject to the conditions of competition and cost pressure. In
this respect, the persons with a duty of storage are neither required in
a manner that can be enforced to use the instruments suggested by the
experts in the present proceedings to guarantee data security (separate
storage, asymmetric encryption, the four-eyes principle in conjunction
with advanced authentication procedures for access to the keys,
audit-proof recording of access and deletion), nor is a comparable level
of security otherwise guaranteed. Nor is there a balanced system of
sanctions that attributes no less weight to violations of data security
than to violations of the duties of storage themselves.
Direct use of the data for criminal prosecution:
The provisions on the use of the data for criminal prosecution are also
incompatible with the standards developed from the principle of
proportionality. § 100g.1 sentence 1 no. 1 StPO does not ensure that in
general and also in the individual case only serious criminal offences
may be the occasion for collecting the relevant data, but –
independently of an exhaustive list – merely generally accepts criminal
offences of substantial weight as sufficient. § 100g.1 sentence 1 no. 2,
sentence 2 StPO satisfies the constitutional standards even less, in
that it accepts every criminal offence committed by means of
telecommunications, regardless of its seriousness, as the possible
trigger for data retrieval, depending on a general assessment in the
course of a review of proportionality. This provision makes the data
stored under § 113a TKG usable with regard to virtually all criminal
offences. As a result, in view of the increasing importance of
telecommunications in everyday life, the use of these data loses its
exceptional character. Here, the legislature no longer confines itself
to the use of data to prosecute serious criminal offences, but goes far
beyond this, and thus far beyond the objective of data storage specified
by EU law.
Nor does § 100g StPO comply with the constitutional requirements, in
that it permits data retrieval not merely for individual cases to be
sustained by a judge, but as a general rule even without the knowledge
of the person affected (§ 100g.1 sentence 1 StPO).
In contrast, the judicial control of data retrieval and data use and the
provisions for the duties of notification are essentially guaranteed in
a manner that satisfies the constitutional requirements. Under § 100g.2
sentence 1, § 100b.1 sentence 1 StPO, the collection of the data stored
under § 113a TKG requires a judicial order. In addition, under § 101
StPO there are differentiated duties of notification and the possibility
subsequently to arrange a judicial review of the lawfulness of the
measure. It is not apparent that these provisions do not, as a whole,
guarantee effective legal protection. However, the lack of judicial
monitoring of a failure to inform under § 101.4 StPO is constitutionally
objectionable.
Direct use of the data to ward off danger and for the tasks of the
intelligence services:
The very structure of § 113b sentence 1 nos. 2 and 3 TKG does not
satisfy the requirements of sufficient limitation of the purposes of
use. In this provision, the Federal legislature contents itself with
sketching in a merely general manner the fields of duty for which data
retrieval in accordance with later legislation, in particular
legislation of the Länder, is to be possible. In this way it does not
satisfy its responsibility for the constitutionally required limitation
of the purposes of use. Instead, by giving the service providers a duty
of precautionary storage of all telecommunications traffic data, at the
same time combined with the release of these data to be used by the
police and the intelligence services as part of virtually all their
tasks, the Federal legislature creates a data pool open to manifold and
unlimited uses to which – restricted only by broad objectives – recourse
may be had, in each case on the basis of decisions of the Federal and
Länder legislatures. The supply of such a data pool with an open purpose
removes the necessary connection between storage and purpose of storage
and is incompatible with the constitution.
The formulation of the use of the data stored under § 113a TKG is also
disproportionate in that no protection of confidential relations is
provided for the transmission. At least for a narrowly defined group of
telecommunications connections which rely on particular confidentiality,
such a protection is fundamentally required.
Indirect use of the data for information of the service providers:
§ 113b sentence 1 half-sentence 2 TKG also does not satisfy the
constitutional requirements in every respect. Admittedly there are no
objections to the fact that this provision permits information
independently of a list of criminal offences or legal interests.
However, it is not compatible with the constitution that such
information is also made possible for the general prosecution of
regulatory offences, without further limitation. In addition, there are
no duties of notification following the provision of such information.
6. Compatibility with Article 12 GG
In contrast, the challenged provisions do not give rise to any
constitutional objections with regard to Article 12.1 GG, to the extent
that a decision has to be made in these proceedings in this respect. The
imposition of a duty of storage is not typically excessively burdensome
for the service providers affected. In particular, the duty of storage
is not disproportionate with regard to the financial burdens incurred by
the enterprises as a result of the duty of storage under § 113a TKG and
the duties consequential on this, such as the guarantee of data
security. Within its discretion, which is broad in this connection, the
legislature is not restricted to engaging private persons only if their
occupation can directly cause dangers or they have direct liability for
these dangers. Instead, it is sufficient in this connection if there is
a close relationship in terms of subject-matter and in terms of
responsibility between the person’s occupation and the duty imposed.
There are therefore no fundamental objections to the cost burdens
incurred by the persons with a duty of storage. In this way, the
legislature shifts the costs associated with the storage as a whole onto
the market, corresponding to the privatisation of the telecommunications
sector. Just as the telecommunications enterprises can use the new
opportunities of telecommunications technology to make profits, they
must also assume the costs of containing the new security risks that are
associated with telecommunications and must include them in their
prices.
7. Voidness of the challenged provisions
The violation of the fundamental right to protection of the secrecy of
telecommunications under Article 10.1 GG makes §§ 113a and 113b TKG
void, as it does § 100g.1 sentence 1 StPO insofar as traffic data under
§ 113a TKG may be collected under this provision. The challenged norms
are therefore to be declared void, their violation of fundamental rights
having been established (see § 95.1 sentence 1 and § 95.3 sentence 1 of
the Federal Constitutional Court Act (Bundesverfassungsgerichtsgesetz).
The decision was unanimous as regards its result with regard to the
questions of EU law, of formal constitutionality and of the fundamental
compatibility of precautionary storage of telecommunications traffic
data with the constitution. With regard to the assessment of §§ 113a and
113b TKG as unconstitutional, it was passed by seven votes to one as
regards its result, and with regard to further questions of substantive
law it was passed by six votes to two, to the extent shown in the
dissenting opinions.
The Senate decided by four votes to four that the provisions are to be
declared void under § 95.3 sentence 1 of the Federal Constitutional
Court Act, and not merely incompatible with the Basic Law. Accordingly,
it is not possible for the provisions to continue in effect in a
restricted scope; instead, the statutory consequence is an annulment.
Dissenting opinion of Judge Schluckebier:
1. The storage of the traffic data by the service providers for a period
of six months is not an encroachment on the fundamental right of Article
10.1 GG of such weight that it could be classified as “particularly
serious” and thus equivalent to a direct encroachment by the state on
the contents of communications. The traffic data remain in the sphere of
the private service providers on whose servers, for technical reasons,
they are recorded and of whom the individual telecommunications user can
expect by reason of their contractual relationship that the data are
treated with strict confidence in the providers’ sphere and protected.
If state of the art data security is guaranteed, there is therefore also
no objectifiable basis for the assumption that the citizen could feel
intimidated as a result of the storage. The storage does not extend to
the contents of the telecommunications. When the encroachment is
weighed, therefore, a perceptible distance must be observed to
particularly serious encroachments such as those that occur in the
acoustic surveillance of living quarters, in monitoring of the contents
of telecommunications or in what is known as online search of IT systems
by the direct access of state bodies; in the case of these, there is a
particular risk that the core area of private life, which enjoys
absolute protection, is affected. Here, a particularly invasive
encroachment is not the mere storage of the traffic data by the service
provider, but the actual retrieval and the use of the traffic data by
state agencies in the individual case on the legal bases that permit
this; this, and also a judge’s order for traffic data to be collected,
are in turn subject to the strict requirements of proportionality.
2. The challenged provisions are fundamentally not inappropriate, and
they are reasonable for the persons affected and thus proportionate in
the narrow sense. In legislating for the duty to store
telecommunications traffic data for a period of six months, for a
provision as to the purpose of use and a criminal-procedure provision
for collection of data, the legislature has remained within the
legislative limits accorded to it constitutionally. The state’s duty to
protect its citizens includes the duty to take suitable measures in
order to prevent injury to legal interests or to investigate such injury
and to attribute responsibility for injuries to legal interests. In this
sense, guaranteeing the protection of citizens and of their fundamental
rights and the foundations of the community, and the prevention and
investigation of serious criminal offences, are all among the
requirements for peaceful coexistence and the citizens’ untroubled
enjoyment of their fundamental rights. The effective investigation of
crimes and effective warding off of danger are therefore not in
themselves a threat to the freedom of citizens.
In the conflicting relationship between the state’s duty to protect
legal interests and the individuals’ interest in the safeguarding of
their rights guaranteed by the constitution, it is the initial task of
the legislature to proceed in an abstract manner and achieve a balance
between the conflicting interests. In doing this, it has latitude for
assessment and drafting. In this connection it was the goal of the
legislature to take account of the irrefutable needs of an effective,
constitutional administration of criminal justice in view of a
fundamental change in the possibilities of communication and of the
communicative behaviour of people in recent years. This goal cannot be
achieved unless the facts necessary for the investigation can be
ascertained. In this connection, the legislature assumed that
telecommunications traffic data above all, because of the technical
development towards more flat-rate connections, either are not stored at
all or are deleted before a judge’s order for the issuing of information
can be obtained, or even before the information necessary for an
application for such an order has been obtained. The majority of the
Senate, in the review as to whether the storage of traffic data is
suitable and necessary, does take into account that virtually all areas
of life have been invaded by electronic or digital means of
communication and therefore in certain areas this hinders the
prosecution of criminal offences and also the warding off of danger; but
in the review of proportionality in the narrow sense it does not attach
sufficient weight to them in under the aspect of appropriateness and
reasonableness.
In this way, the majority of the Senate virtually completely restricts
the legislature’s latitude for assessment and drafting, which would
permit it to pass appropriate and reasonable provisions in the field of
the investigation of crimes and the warding off of danger for the
protection of the population. In this way it also fails to take
sufficient account of the requirement of judicial self-restraint with
regard to conceptual decisions of the democratically legitimated
legislature. The judgment finds that a storage duration of six months –
that is, the minimum period called for by the EC Directive – is at the
upper limit and at best capable of being constitutionally justified,
dictates to the legislature the technical rule that the provision on the
purpose of use must at the same time contain the requirements for
access, restricts the legislature to reliance on a list of offences in
criminal law, excludes the possibility of using the traffic data even to
solve criminal offences that are difficult to investigate and were
committed by use of the means of telecommunication, and extends the
duties of notification in a specific manner. Following this, the
legislature no longer has an appreciable discretion to legislate on its
own political responsibility.
In particular, the Senate refuses the legislature the right to retrieve
the traffic data stored under § 113a TKG to investigate criminal
offences that are not contained in the present list of § 100a.2 StPO but
that are of considerable importance in the individual case, and offences
that are committed by means of telecommunications (§ 100g.1 sentence 1
nos. 1 and 2 StPO). With regard to the last-named offences, insufficient
weight is given to the fact that the legislature in these cases has
substantial difficulties in investigation. Since it is the duty of the
legislature to guarantee effective criminal prosecution and not to
permit any substantial gaps in protection, the legislature may not be
prevented from also giving access to the traffic data in the case of
offences that may not be particularly serious but that injure important
legal interests, because in its estimation this is the only way to
prevent de facto legal vacuums and a situation where investigation is
largely ineffective. In addition, when the legislature drafted the
provisions on authorisation for access in criminal procedure, it was
guided by criteria which the Senate approved in its judgment of 12 March
2003 (Decisions of the Federal _Constitutional Court (Entscheidungen des
Bundesverfassungsgerichts – BVerfGE) 107, 299 (322)) on the release of
connection data for telecommunications.
3. In the pronouncement on legal consequences, on the basis of the
constitutional assessment of the majority of the Senate, having recourse
to established case-law of the Federal Constitutional Court,
consideration might well have been given to fixing a time limit for the
legislature to pass new legislation and holding that the existing
provisions could provisionally continue in effect in conformity with the
stipulations of the temporary injunctions granted by the Senate, in
order to avoid considerable shortcomings, in particular in the
investigation of criminal offences, but also in warding off danger.
Dissenting opinion of Judge Eichberger:
The dissenting opinion essentially follows the criticism of Judge
Schluckebier in the assessment of the intensity of the encroachment of
storage of telecommunications traffic data as a violation of Article
10.1 GG. The legislative drafting on which §§ 113a, 113b TKG are based,
creating a sliding scale of legislative responsibility for the order of
storage on the one hand and the retrieval of data on the other hand, is
fundamentally in conformity with the constitution. This applies in
particular to the use of the data stored under § 113a TKG, which is
governed by § 100g StPO, for purposes of criminal prosecution. The
legislature is not obliged to measure the proportionality of the
provisions on retrieval solely by the greatest possible encroachment of
a comprehensive form of data retrieval which ultimately aims to create a
social profile of the citizen affected or to track his or her movements;
instead, it may take account of the fact that many instances of data
retrieval have far less weight, and the competent judge must decide in
the individual case on their reasonableness.
This press release is also available in the original german version.
|
