You are here:
The general structure of the counter-terrorism database is compatible with the Basic Law, but certain elements of its design are not
Press Release No. 31/2013 of 24 April 2013
Order of 24 April 2013
1 BvR 1215/07
While the general structure of the counter-terrorism database is constitutional, the way in which certain elements have been designed does not satisfy the constitutional requirements. This is what the First Senate of the Federal Constitutional Court held in its judgment pronounced today. The provisions of the Counter-Terrorism Database Act that have been declared incompatible with the Basic Law continue to apply, subject to certain conditions, until new provisions have been enacted.
In essence, the decision is based on the following considerations:
1. The complainant challenges the Act on Establishing a Standardised Central Counter-Terrorism Database for Police Authorities and Intelligence Services of the Federation and the Länder (Gesetz zur Errichtung einer standardisierten zentralen Antiterrordatei von Polizeibehörden und Nachrichtendiensten von Bund und Ländern, Antiterrordateigesetz, Counter-Terrorism Database Act – ATDG).
2. There is no need to request a preliminary ruling from the Court of Justice of the European Union. Neither the Counter-Terrorism Database Act nor any measures taken on the basis of this Act concern the implementation of EU law within the meaning of Art. 51(1) first sentence of the Charter of Fundamental Rights of the European Union. The Counter-Terrorism Database Act pursues specific domestic aims whose potential impacts on the legal relationships governed by EU law are indirect at most. EU fundamental rights are therefore inapplicable from the outset, and the Court of Justice of the European Union is not the lawful judge within the meaning of Art. 101(1) second sentence of the Basic Law (Grundgesetz – GG). The decision of the Court of Justice of the European Union in the Ȧkerberg Fransson case (Judgment of 26 February 2013, C-617/10) does not lead to a different conclusion. In the interest of fostering a cooperative relationship between the Court of Justice of the European Union and the Federal Constitutional Court, this decision must not be interpreted in such a way that it would have to be considered as an ultra vires act or as jeopardising the protection and enforcement of the fundamental rights of the Member States to an extent that would call into question the Basic Law’s constitutional identity. The First Senate of the Federal Constitutional Court assumes that the Court of Justice’s findings in that decision are based on the particular features of value-added tax law and do not express a general view in this regard. The Federal Constitutional Court’s decision on this point was unanimous.
3. The constitutional complaint is in part well-founded.
a) The general structure of the counter-terrorism database is compatible with the right to informational self-determination under Art. 2(1) in conjunction with Art. 1(1) GG.
aa) The information-sharing possibilities created by the challenged provisions are of considerable weight. For affected persons, being included in such a database can be a considerable burden.
The interference is aggravated by the fact that the database also allows for information sharing between intelligence services and police authorities. The legal order distinguishes between the police with their generally overt activities, their remit oriented towards operational tasks and their grounding in detailed statutory regimes, and the intelligence services with their generally covert activities, their narrow remit of precautionary observation and investigation aimed at providing political intelligence and advice, and their related legal position within a less detailed statutory framework. With regard to data sharing between intelligence services and police authorities, the fundamental right to informational self-determination gives rise to the principle of separation of police and intelligence data (informationelles Trennungsprinzip). If data is shared between intelligence services and police authorities for the purposes of operational action, this gives rise to a particularly serious interference. Such interference is only permissible in exceptional cases and must serve an exceptionally significant public interest. The respective thresholds applicable to any interferences involved in obtaining the relevant data must not be circumvented.
However, the interference resulting from the counter-terrorism database is mitigated by the fact that it is designed as a joint database whose core focus is limited to facilitating requests in respect of data that has already been collected elsewhere. Data transfer for operational [police] purposes is governed by the relevant legislation which, in turn, must satisfy the constitutional requirements and the principle of separation of police and intelligence data. The Counter-Terrorism Database Act permits data sharing for operational action only in exceptional emergencies.
bb) The Counter-Terrorism Database Act is designed to counter criminal acts that qualify as terrorism. Terrorist acts are directed against the pillars of the constitutional order and society as a whole. Our constitutional order requires that such attacks not be considered within the framework of war or states of emergency – which would lead to the suspension of certain requirements deriving from the rule of law – but that they be qualified as criminal acts that must be countered with the means available to the state under the rule of law. At the same time, the fight against terrorism must be accorded considerable weight in the context of the proportionality assessment.
cc) On the basis of a balancing between the conflicting interests, the general structure of the counter-terrorism database is not objectionable under constitutional law. However, if the statutory framework governing the database is to satisfy the principle of proportionality in its strict sense, the provisions must be set out in a clear manner with sufficiently restrictive scope regarding what data is to be stored in the database and how this data may be used. Furthermore, qualified oversight requirements must be provided for and observed.
b) The Counter-Terrorism Database Act does not fully satisfy these requirements.
aa) § 1(2) ATDG provides for the possible participation in the counter-terrorism database of other police authorities, which are only defined in broad terms that are subject to interpretation. This is incompatible with the requirement of specificity. If the legislator chooses to place the decision about the participating authorities in the hands of the executive, it is required to do so in the form of an ordinance. Mere administrative provisions are not sufficient.
bb) The provisions determining the group of persons to be included in the database are not compatible with the constitutional requirements in every respect.
(1) § 2 first sentence no. 1 ATDG initially provides that members, supporters and support groups of terrorist organisations are to be included in the database. However, the provision then extends the scope to include persons who merely provide assistance to support groups, without specifying that such assistance of terrorism-supporting activities must be deliberate in order for them to be included in the database. This means that the database may include persons who – long before any terrorist act is committed – provide assistance to what they may believe to be unsuspicious organisations, without being aware of any link to terrorism. This violates the principle of legal clarity and is incompatible with the prohibition of excessive measures (Übermaßverbot). The provision cannot be interpreted in conformity with the Constitution.
(2) § 2 first sentence no. 2 ATDG is also not fully compatible with the Constitution. This provision, which is designed to target individuals who might be associated with terrorism, combines a number of ambiguous and potentially broad legal terms.
Following a tie in the Justices’ vote, the terms ‘unlawful violence’ and ‘intentional incitement to unlawful violence’ cannot be declared unconstitutional. In the opinion of the four Justices who voted against a declaration of unconstitutionality in this respect and whose view ultimately carries the decision, the use of these legal concepts is compatible with the Basic Law as long as they are not interpreted in an overly broad manner and, in particular, as long as the term ‘violence’ only refers to violence that is immediately directed against life and limb or that is characterised by the use of means that endanger the public. In the opinion of the other four Justices, the provision would have to be declared unconstitutional in its entirety because of its lack of specificity and its overly broad scope. In these Justices’ view, the provision cannot be interpreted in conformity with the Constitution.
In the unanimous view of the Court, the mere ‘endorsement’ of unlawful violence within the meaning of this provision does not provide sufficient grounds to justify the inclusion of persons in the counter-terrorism database. To that extent, the provision violates the prohibition of excessive measures. The challenged provision uses a person’s subjective beliefs as its decisive element and thus relies on criteria that individuals cannot fully control and that cannot be influenced by law-abiding conduct.
(3) § 2 first sentence no. 3 ATDG is also unconstitutional. It provides that in cases where contact persons are not aware that the main target person is involved in terrorism-related activities, basic data (einfache Grunddaten) on these contact persons must be stored in the database. In cases where contact persons are aware of such activities, extended data (erweiterte Grunddaten) on them must be stored too. As a result, the sharing of non-anonymised information between the participating authorities also extends to data on contact persons.
The provision is incompatible with both the principle of specificity and the prohibition of excessive measures. Constitutional law does not categorically exclude data on contact persons from being kept in the counter-terrorism database. However, such persons are usually of interest only to the extent that they can provide information about the main target person thought to be associated with terrorism. The legal framework needs to reflect this fact. It would be permissible to include contact persons in the counter-terrorism database if only the most basic information on them is stored. This information would then have to be stored in a concealed manner, in the form of additional information on the main target person associated with terrorism.
cc) The scope of the data to be stored pursuant to § 3(1) nos. 1a and 1b ATDG is not objectionable under constitutional law. With some of this data, however, the administrative authorities subsequently break down the classifications even further. Any such further classifications must be documented and published.
This obligation to document and publish any further classifications applies to the very broadly worded categories of data to be stored in the database set out in § 3(1) no. 1b gg, hh, ii, kk, nn ATDG (for example, skills relevant to terrorist activities). These categories do satisfy the requirement of specificity given that only the security authorities can break them down into further categories. However, the legislator must ensure that such further classifications are documented and published. The current practice is to specify and standardise the indeterminate legal concepts (unbestimmte Rechtsbegriffe) in question by way of a catalogue – integrated into the software – of the categories to be stored in the database; the Federal Government submitted a ‘catalogue manual’ to the Court in this respect. Yet the Counter-Terrorism Database Act does not require that this catalogue be published. Therefore, the current statutory framework does not satisfy the requirements for a design in accordance with the rule of law.
The possibility of using free text entries (§ 3(1) no. 1b rr ATDG) is compatible with the prohibition of excessive measures. It does not amount to a blanket authorisation for arbitrary inclusion of further information in the database; rather, it allows authorities to provide additional comments and assessments which cannot otherwise be reflected due to the standardisation and categorisation of the entries.
dd) The regime governing data use is not compatible in every respect with the prohibition of excessive measures.
(1) Nevertheless, the way basic data may be requested and used is not objectionable under constitutional law. The same applies to requests for extended data, insofar as these concern searches for a specific name (§ 5(1) first and third sentence in conjunction with § 3(1) no. 1b ATDG). If a search for a person’s name yields a match in the extended data, the requesting authority does not get access to the extended data as such, but only receives notification that a positive match exists, together with information on which authority holds the relevant data and the file reference under which the data is stored there. Direct access to the extended data is only possible if the authority holding the information releases it following an individual transfer request subject to the relevant legislation.
(2) The possibility of conducting reverse searches (§ 5(1) second sentence no. 1a ATDG) is incompatible with the prohibition of excessive measures. With reverse searches, the extended data is searched using criteria other than name. In the event of a match, the authority consulting the database is provided not just with information on how and where to request further data, but also with direct access to the corresponding basic data. Authorities can consult the database by searching for one or several criteria – persons with a certain religious affiliation and training who frequent a certain meeting place, for example. In the event of a match, they can obtain not just the information about which authority holds relevant information, but also the name, address and other basic data on any person matching the search criteria. Such far-reaching data use does not take sufficient account of the fact that the extended data is substantive in scope. The design of the provisions governing the database’s usage must ensure that, if a search in the extended data yields a match, only the file reference and the authority holding the data are displayed, but not the corresponding basic data.
(3) This notwithstanding, there are no constitutional objections to allowing the direct use of extended data in urgent cases (§ 5(2) in conjunction with § 6(2) ATDG), even in the context of reverse searches. The statutory prerequisites for such use are sufficiently narrow to justify the interference. The provisions satisfy the prohibition of excessive measures and the principle of separation of police and intelligence data.
ee) Given the very nature of the database’s purpose and design, the Counter-Terrorism Database Act only ensures a limited degree of transparency regarding information sharing. As a result, affected persons are afforded only limited possibilities of legal protection. This is compatible with the Basic Law provided that the constitutional requirements regarding effective oversight are observed. To that end, oversight bodies – such as under current law the data protection officers – must be equipped with effective powers at both the federal and Land level. Any access to and modifications of the data records must be comprehensively documented and made available to the data protection officers in a form that allows them to conduct effective audits. Audits must be performed regularly at intervals not exceeding approximately two years.
The statutory framework lacks sufficient requirements ensuring that mandatory audits are performed at regular intervals; the legislator must remedy these shortcomings. For the rest, the provisions must be interpreted in conformity with the Constitution. Moreover, the legislator must monitor whether conflicts arise that require further determination in the law or the introduction of dispute resolution mechanisms such as the expansion of legal protection.
ff) In order to ensure transparency and oversight, the legislator must enact statutory reporting obligations. It must be ensured that the Federal Criminal Police Office submits regular reports to Parliament and the public on what data is included in the counter-terrorism database and how it is used.
c) The statutory framework provides for the full and unrestricted inclusion in the counter-terrorism database of data obtained through interferences with the privacy of telecommunications (Art. 10(1) GG) and the right to the inviolability of the home (Art. 13(1) GG); this is incompatible with the Basic Law. Due to the special protection afforded by these fundamental rights, data collected through such interferences is generally subject to more stringent requirements. The unrestricted inclusion of such data in the counter-terrorism database leads to the relevant information being made available for investigation measures prior to the emergence of any tangible dangers, regardless of whether terrorist acts have been committed or are imminent, even though this purpose would not be capable of justifying the collection of data through interferences with the privacy of telecommunications or the inviolability of the home. This circumvents the applicable requirements for collecting data.
By contrast, if the statutory framework were to always require concealed storage of such data pursuant to § 4 ATDG, it would be constitutional with regard to the principle of proportionality. With such a design, the statutory framework would ensure that the relevant information can only be accessed in accordance with the applicable data transfer provisions. Those provisions, in turn, can ensure that qualified thresholds for interference are in place, as required under constitutional law, and that legal interests of sufficient importance are protected.
4. Despite the fact that the challenged provisions are in part unconstitutional, they are not declared void but only incompatible with the Basic Law. Subject to certain conditions, the provisions continue to apply until new provisions have been enacted, but no longer than 31 December 2014.