that may receive data, which also cannot be determined by looking at the openlyworded purposes for which data may be shared (see paras. 137 et seq. and 213
et seq. above; cf. in this respect BVerfGE 130, 151 <203>; 133, 277 <337 and 338
para. 143>; 141, 220 <334 para. 306>). Furthermore, the provision does not limit data sharing to sufficiently qualified legal interests, nor does it provide for a threshold
for data sharing (see para. 220 et seq. above).
It also does not impose a clear obligation on the Federal Intelligence Service to ascertain that the data shared by it is handled in accordance with the rule of law. There
are some elements of such an obligation in § 19(3) second sentence BVerfSchG.
However, this does not satisfy the requirements set out above (see para. 233 et seq.
above). The provision does not expressly state the need to ascertain that a minimum
level of protection is guaranteed under data protection law (see para. 235 et seq.
above) and it lacks documentation requirements (see para. 229 above). Moreover, it
does not specifically accommodate confidentiality protection of relationships of trust
(see para. 240 and para. 193 et seq. above).
317
§ 31 BNDG in conjunction with § 23 no. 1 BVerfSchG does not sufficiently ensure
the required ascertainment. It is not clear from that provision that the authority sharing the data must actively ascertain what the circumstances in the receiving state are
– both in terms of data protection law and in terms of human rights guarantees –,
document this ascertainment and investigate any doubts (see para. 233 et seq.
above). The provision also does not rule out that key aspects of the rule of law are
disregarded in a balancing of interests (see para. 237 above).
318
f) In an overall assessment, the provisions on data sharing do not satisfy the constitutional requirements. These provisions are, for the most part, based on the structure
of the Federal Protection of the Constitution Act and other security laws that are older
and have not sufficiently been adapted to developments in the case-law. Moreover,
in formal terms, none of the provisions on data sharing contain an obligation to document data sharing (see para. 229 above) and to specify its statutory basis (see para.
229 above).
319
3. The legal framework on cooperation in §§ 13 to 15 BNDG is also not compatible
with the proportionality requirements arising from Art. 10(1) GG and is thus unconstitutional in both formal and substantive terms.
320
a) The constitutional shortcomings identified in respect of § 6 BNDG apply to these
provisions as well. Data collection and processing in the context of cooperation is not
based on sufficiently clear provisions requiring that telecommunications data of Germans and persons within Germany be removed (see paras. 176 et seq. and 253
above). Nor are surveillance measures in the context of cooperation limited to
weighty purposes that are sufficiently specified by law (see paras. 175 and 176 and
253 above); § 13(4) BNDG does not sufficiently limit the purposes in such a way.
Therefore, the permissibility of cooperation is not tied to intelligence aims that must
be specified in relation to each measure, and is not structured along the lines of such
321
82/87