BNDG to be a statutory basis authorising data collection at all. Therefore, § 7 BNDG
violates Art. 10(1) GG in that it governs the processing of data which, in the absence
of a constitutional statutory basis, should not have been collected at all and in respect
of which further processing is therefore also impermissible. Moreover, the provision
is misleading in implying that such data may be collected and thereby provides legitimacy in respect of data collection that lacks a constitutional statutory basis.
2. The provisions on data sharing do not satisfy the constitutional requirements either. In part, they do not satisfy the requirement of legal clarity. For the rest, the provisions do not sufficiently limit data sharing to the purposes of protecting particularly
weighty legal interests and prosecuting particularly serious criminal acts, nor do they
make data sharing contingent upon the existence of sufficient indications that a specific danger may emerge or a suspicion, supported by specific facts, that such criminal acts have been committed.
310
a) § 24(1) first sentence BNDG, which concerns data sharing with domestic public
bodies, does not satisfy the requirement of legal clarity and specificity (see paras.
137 et seq. and 212 et seq. above). First of all, this is true to the extent that the provision generally allows the Federal Intelligence Service to share data “to perform its
tasks”. In principle, a reference to tasks defined elsewhere is not incompatible with
the requirement of legal clarity. However, such a general reference to the entire range
of tasks of the Federal Intelligence Service – which do not encompass operational
tasks, but are limited to gathering and analysing intelligence (cf. § 1(2) BNDG) – does
not clearly determine for which purposes the provision allows data sharing (see para.
215 above). This was confirmed by the uncertainties expressed on this point in the
oral hearing. The provision also lacks specificity insofar as it allows data sharing if
the recipient needs the data for significant public security purposes. Given that it is
not clear whether this encompasses any authority tasked with the enforcement of the
general or specific law on maintaining public security and order or only specific security authorities, it cannot be clearly ascertained which authorities may receive data in
the context of such sharing. For the rest, both provisions on data sharing do not satisfy the requirements regarding the necessary thresholds and regarding a qualified
protection of legal interests (see para. 220 et seq. above). The unspecific reference
to “significant” public security purposes, which is meant to exclude matters that are
merely trivial (cf. regarding the identical wording in § 19(1) second sentence BVerfSchG BTDrucks 18/4654, p.34), is not sufficient.
311
b) § 24(3) BNDG in conjunction with § 20(1) first and second sentence BVerfSchG,
which authorises the sharing of information with police authorities and public prosecution offices in the context of offences against state security, is also not compatible
with the constitutional requirements. The provision does sufficiently specify which authorities may receive information, yet it is doubtful whether its multi-level chain of references satisfies the requirement of legal clarity (see para. 215 above). Regardless
of these considerations, the requirements regarding the protection of legal interests
are not met consistently (see para. 221 above). This is because not all of the criminal
312
80/87