rather at preventing the reading of highly confidential information within a comprehensive data set of digital information that already exists, and that, taken as a whole,
is typically not of a private nature the way behaviour or communication in a home
would be. Here, the surveillance does not take place in the form of a chronologically ordered occurrence in different locations, but rather as access by means of a spy
program which, as far as the access is concerned, presents only the alternatives of
all or nothing.
The requirements for the protection of the core area have thus to a certain extent
been cut back. However, even here, it must be provided that the collection of information that can be considered to belong to the core area does not take place to the extent that this is possible from a technical and investigative standpoint. Available information technology safeguards in particular are to be used; if these can detect and
isolate highly confidential information, access thereto is prohibited (cf. BVerfGE 120,
274 <338>).
219
If, however, data relevant to the core area cannot be filtered out before or at the time
of the data collection, access to the information technology system is nevertheless
permissible even if it is probable that highly personal data too might incidentally be
collected. In this respect, the legislature must take into account the need for protection of the person concerned by putting in place safeguards at the levels of analysis
and use, and by minimising the effects of such access. Decisive significance attaches
to the screening by an independent body that filters out information relevant to the
core area prior to its availability to and use by the Federal Criminal Police Office (cf.
BVerfGE 120, 274 <338 and 339>).
220
bb) § 20k sec. 7 BKAG only partially satisfies these requirements.
221
(1) The requirements applicable at the level of data collection, however, are unobjectionable if interpreted in conformity with the Constitution. The second sentence of
the provision, in conformity with the aforementioned requirements, provides that all
technically available means must be used to prevent the collection of information relevant to the core area. Furthermore, the provision prohibits access to information
technology systems solely in cases where “only” information from the core area of private life is collected. According to the standards presented above, this is constitutionally sound. For constitutional reasons, the provision, however, must be interpreted in
such a manner that communication on highly confidential matters is not excluded
from the strict protection of the core area merely because it combines highly confidential with everyday matters (cf. BVerfGE 109, 279 <330>). In this respect, the provision is to be interpreted and applied in conformity with the constitutional requirements for the protection of the core area of private life and in light of the relevant
understanding of the concept (see above, C IV 3 a, d).
222
(2) In contrast, the measures in question lack constitutionally sufficient safeguards
at the level of a subsequent protection of the core area. § 20k sec. 7, sentences 3 and
4 BKAG do not provide for sufficiently independent review.
223
36/71