Bundesverfassungsgericht - Decisions - Data retention unconstitutional in its present form
14.08.20, 10:44
the increase of flat-rate services) reduces the availability of such data where there is a strict duty of
deletion of telecommunications traffic data which are not needed for the performance of the contract. In
this respect too, the precautionary storage of telecommunications traffic data may be based on aspects
which have a specific foundation in special features of modern telecommunications.
Conversely, the storage of the telecommunications traffic data may not be seen as a step in the direction 218
of legislation aiming at as comprehensive as possible a storage by way of precaution of all data useful for
criminal prosecution or the prevention of danger. Regardless of the structure of the provisions on use,
such legislation would from the outset be incompatible with the constitution. For precautionary storage of
telecommunications traffic data without cause to be constitutionally unobjectionable, this procedure must,
instead, remain an exception to the rule. Nor may it, in interaction with other existing files, lead to virtually
all activities of the citizens being reconstructible. It is therefore in particular essential for the justifiability of
such storage that it is not made directly by state agencies, that it does not also contain the contents of the
communications, and that commercial service providers are in principle prohibited from also storing details
of the Internet sites visited by their customers. The introduction of the storage of telecommunications
traffic data may therefore not serve as a model for the precautionary creation without cause of further data
pools, but forces the legislature to exercise greater restraint in considering new duties or authorisations of
storage with regard to the totality of the various data pools already in existence. It is part of the
constitutional identity of the Federal Republic of Germany that the exercise of freedom of its citizens may
not be totally be recorded and registered (on the constitutional identity retention principle, see BVerfG,
judgment of the Second Senate of 30 June 2009 – 2 BvE 2/08 and others –, juris, marginal no. 240), and
the Federal Republic of German must endeavour to preserve this in European and international contexts.
Precautionary storage of telecommunications traffic data also considerably reduces the latitude for further
data pools created without cause, including collections by way of European Union law.
dd) To summarise, a six-month storage of telecommunications traffic data to the extent provided by the 219
legislature in § 113a.1 to 8 TKG is not disproportionate from the outset in the present circumstances.
However, in order for it to be constitutionally unobjectionable, it is necessary for the formulation of the
legislation on the storage and the use of the data to take appropriate account of the particular weight of
such storage.
V.
The formulation of the legislation on a precautionary storage of telecommunications traffic data, as 220
provided in § 113a TKG, is subject to specific constitutional requirements, in particular with regard to data
security, to the extent of the use of the data, to transparency and to legal protection. Only if sufficiently
sophisticated and well-defined provisions are drafted is the encroachment constituted by such storage
proportionate in the narrow sense.
1. Storage of telecommunications traffic data in the extent of § 113a TKG requires the statutory 221
guarantee of a particularly high standard of data security.
In view of the extent and the potential informative value of the retained data gathered by such storage, 222
data security is of great importance for the proportionality of the challenged provisions. This applies in
particular because the data are stored by private service providers which act under the conditions of
profitability and cost pressure and in doing so have only limited incentives to guarantee data security. They
act in principle in their private interest and are not bound by specific official duties. At the same time, the
danger of illegal access to the data is great, for in view of their broad informative value, these data may be
of interest to the most varied actors. A particular high standard of security is therefore necessary, which
extends beyond the degree generally required under constitutional law for the storage of
telecommunications data. Such requirements of data security here apply both to the storage of the data
and to their transmission; similarly, effective safeguards are necessary to guarantee that the data are
deleted.
https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/2010/03/rs20100302_1bvr025608en.html
Seite 25 von 53