Bundesverfassungsgericht - Decisions - Data retention unconstitutional in its present form
14.08.20, 10:44
must be defined sufficiently selectively and clearly (see BVerfGE 103, 142 (151)), in order that the service
providers do not have to undertake their own examination of the matter. These service providers may be
required and permitted to transmit data only on the basis of clear orders on data transmission.
The effectiveness of the supervision also requires that the data, on the basis of the
filtered out by the telecommunications enterprises as third parties with a duty of storage,
authorities are not given direct access to the data. In this way, the use of the data is
cooperation of a number of actors and thus to decision-making structures which mutually
other.
order, must be 250
that is, that the
referred to the
supervise each
bb) It is also constitutionally required that a legal protection procedure is available to subsequently 251
review the use of the data. Where persons affected had no opportunity before the measure was carried
out to defend themselves against the use of their telecommunications traffic data, they must be given the
possibility of subsequent judicial review.
cc) Finally, a legislative formulation that is not disproportionate also requires effective sanctions for 252
violations of rights. If even serious breaches of the secrecy of telecommunications were ultimately to
remain without sanction, with the result that the protection of the right of personality, even in its specific
manifestation in Article 10.1 GG, atrophied in view of the intangible nature of this right (see BVerfG, order
of the First Chamber of the First Senate of 11 November 2009 – 1 BvR 2853/08 –, juris, marginal no. 21;
BGHZ 128, 1 (15)), this would contradict the duty of the state to enable individuals to develop their
personality (see BVerfGE 35, 202 (220-221); 63, 131 (142-43)); 96, 56 (64)) and to protect them against
third-party threats to the right of personality (see BVerfGE 73, 118 (210); 97, 125 (146); 99, 185 (194195)); BVerfGK 6, 144 (146)). This might in particular be the case if data obtained without authorisation
were permitted to be used without hindrance, or an unauthorised use of the data were routinely to remain
without compensation to satisfy the persons affected, for lack of tangible damage.
However, in this connection the legislature has a wide legislative discretion. Here, it can in particular 253
consider how far corresponding provisions might be incorporated into the general structure of the law of
criminal procedure or into current liability law. In this respect it may also take account of the fact that in the
case of serious violations of the right of personality, the current law may already provide both for
prohibitions of use on the basis of a weighing of interests (see BVerfGE 34, 238 (248 et seq.); 80, 367
(375-376)); 113, 29 (61); BVerfGK 9, 174 (196); Decisions of the Federal Court of Justice in Criminal
Matters – Entscheidungen des Bundesgerichtshofes in Strafsachen (BGHSt) 34, 397 (401); 52, 110 (116))
and for liability for intangible damage (see BVerfGE 34, 269 (282, 285-286); BVerfGK 6, 144 (146-147);
BVerfG, order of the First Chamber of the First Senate of 11 November 2009 – 1 BvR 2853/08 –, juris,
marginal no. 21; Decisions of the Federal Court of Justice in Civil Matters – Entscheidungen des
Bundesgerichtshofes in Zivilsachen (BGHZ) 128, 1 (12)). For the decision as to whether more extensive
provisions are needed in this connection, the legislature is not prevented by this from initially considering
whether case-law on the basis of applicable law possibly takes sufficient account in the constitutionally
required manner of the particular severity of the violation of personality which the unauthorised acquisition
or use of the data in question here usually constitutes.
4. Less stringent constitutional standards apply to a use of the data stored by way of precaution which is 254
only indirect, in the form of official rights to information from the service providers with regard to the
owners of particular IP addresses which the service providers are to identify by use of the stored data. The
creation of such rights to information is permissible, independent of restrictive lists of legal interests or
criminal offences, to a greater extent than the retrieval and use of the telecommunications traffic data
themselves.
a) When information on the owners of particular IP addresses can only be determined by resorting to 255
telecommunications traffic data stored by way of precaution, it is not constitutionally necessary to satisfy
the particularly stringent requirements which otherwise apply to the use of such data.
https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/2010/03/rs20100302_1bvr025608en.html
Seite 32 von 53