You are here:
|The following abstract was prepared by the Federal Constitutional Court and submitted for publication to the CODICES database maintained by the Venice Commission. Abstracts published by the Venice Commission summarise the facts of the case and key legal considerations of the decision. For further information, please consult the CODICES database.|
|Please cite the abstract as follows:|
|Abstract of the German Federal Constitutional Court’s Order of 13 November 2010, 2 BvR 1124/10 [CODICES]|
|When referring to the original decision, please follow the suggested form of citation for decisions of the Court.|
|Second Chamber of the Second Senate|
Order of 13 November 2010
2 BvR 1124/10
The applicants object to the obligation to provide information about an internet protocol address without a judicial order having been previously obtained.
The first applicant is the head of the legal department in the second applicant’s company. The second applicant is a company providing IT services to banking institutions, in particular through the provision and technical operation of “online banking”.
In the course of investigation proceedings concerning computer fraud committed against an online banking user, the public prosecution office asked the second applicant to disclose the internet protocol address of the orderer of a certain bank transfer. The public prosecution office based its request for information on the general investigation clause in § 161.1 of the Code of Criminal Procedure in conjunction with the provisions of the Telemedia Act (Telemediengesetz).
The applicants did not comply with the request and did not supply the information. The public prosecution office thereupon imposed an administrative fine against the first applicant for disobedience to its orders. The applicants’ appeals were unsuccessful.
The applicants’ constitutional complaint is directed against the aforementioned orders and decisions. They are, in particular, of the opinion that the request for information should have been based on a judicial order.
The Federal Constitutional Court did not accept the constitutional complaint for decision.
To the extent that the first applicant claims a violation of Article 2.1 of the Basic Law (general freedom of action) in conjunction with Article 10.1 and 10.2 of the Basic Law (secrecy of telecommunications), the constitutional complaint is inadmissible because it is not sufficiently substantiated with regard to the statutory requirements.
Imposing an administrative fine on the first applicant constitutes an interference with the applicant’s general freedom of action according to Article 2.1 of the Basic Law, which is based on § 161a.2 sentence 1 in conjunction with § 70.1 sentence 2 of the Code of Criminal Procedure. The interpretation and application of these provisions in a particular case is subject to constitutional review only regarding the question of whether specific constitutional law has been violated. This is the case where a court decision is based on a fundamentally false conception of the importance of the fundamental rights whose violation is being asserted, or where the result of that interpretation itself violates the asserted fundamental rights. Based on these standards, the applicant has not sufficiently substantiated any violation of specific constitutional law. In particular, it is not possible to establish, on the basis of the complaint submitted, whether the contested decision by the Local Court (Amtsgericht) fails to recognise the significance and scope of Article 10 of the Basic Law.
Whether providing information as ordered by state authorities constitutes an interference with the scope of protection of Article 10 of the Basic Law already appears to be an open question.
The secrecy of telecommunications guarantees the confidentiality of individual communications where, on account of the spatial distance between the sender and receiver, these are dependent on the transmitting of communication by others and thus in a particular way permits access by third parties – including state agencies. The fundamental right also covers new transmission methods. The scope of protection includes the content of the communication, as well as all further particulars of the communications relationship and refers to both the fact of the communication and the communications data of the participants, connections and numbers which the participants use to enter into contact. That includes internet protocol addresses.
By contrast, those communication data which are recorded and stored with the telecommunications customer after the communication has ended are not covered by the protection provided under Article 10.1 of the Basic Law. They are protected by the right to informational self-determination (Article 2.1 in conjunction with Article 1.1 of the Basic Law) and, possibly, by Article 13.1 of the Basic Law (inviolability of the home). The protection of the secrecy of telecommunications ends at the point at which the addressee is in receipt of the message and transmission is completed. The specific risks associated with communication across a spatial distance do not fall within the domain of the recipient, who can take his own precautionary measures.
Placing a service under the regulatory regime of the Telecommunications Act (Telekommunikationsgesetz) or the Telemedia Act does not have any impact on the scope of protection covered by Article 10.1 of the Basic Law. This provision does not follow the purely technical definition of telecommunications as applied in the Telecommunications Act, but takes as its point of reference the holders of fundamental rights and their need for protection on account of the intervention of third parties in the communications process.
The applicants have not sufficiently substantiated that the internet protocol address in question was recorded during an ongoing telecommunications transmission process by the second applicant, as the provider of the telecommunications service, and that it thus occurred outside the domain of the communications customers.
Nor can it be established from the applicants’ submissions whether a possible interference with Article 10.1 of the Basic Law would be justified, or whether the legal opinion underlying the contested decisions, according to which a judicial order is not required for providing information about the internet protocol address, fails to recognise the constitutional requirements vis-à-vis a statutory authorisation.
The limitation contained in the First Sentence of Article 10.2 of the Basic Law does not explicitly require a court order for interferences and the wording of the provision also does not, for the rest, make any qualified requirements regarding the legislative design of statutory authorisations.
According to the case-law of the Federal Constitutional Court, something different applies where, in a particular case, the interference is so serious that the requirements for safeguarding proportionality and for guaranteeing effective legal protection can only be met by way of a prior judicial review. With regard to the request for and transmission of telecommunications data, this can apply if these data are stored in large quantities for an extended period of time and if an analysis would allow the drawing of detailed conclusions regarding the communication activities and movements of a specific person.
As regards the question of how serious the interference with a person’s secrecy in the course of requesting and using the data is, the purpose to which they are to be put and the manner in which they are supplied – secretly or openly – are thus of importance, as is the reason for and the extent of storing data. The retrieval of communications data from a data record compiled on account of systematic storage without cause over an extended period of time constitutes a more intensive interference than the request for data which a telecommunications provider records for a short period depending on the respective operational and contractual circumstances.
The applicants’ submissions contain no details regarding the questions on what legal basis, for which purpose and for how long the second applicant stores the internet protocol addresses and to what extent further data are collated in that context. It is, therefore, impossible to either assess the severity of the interference associated with the request for information or to further specify the requirements for the proportionality of the retrieval and the use of the requested data.
Even taking account of the principles established in the judgment of 2 March 2010 concerning data retention, it is not possible to say that the disclosure of an individual internet protocol address, regardless of the aforementioned issues, would at any rate constitute such a serious interference with the scope of protection guaranteed under Article 10.1 of the Basic Law that a request for information based on the general investigation clause in § 161.1 of the Code of Criminal Procedure would necessarily be impermissible.