With regard to the use of data by security authorities, the legislature may thus generally allow for a change in purpose of data if it concerns information that results, in individual cases, in a specific evidentiary basis for further investigations investigating
comparably serious criminal offences or providing protection against threats that, at
least in the medium term, threaten comparably weighty legal interests as those with
regard to whose protection the respective data collection is permissible.
290
The same, however, does not apply with regard to information obtained through the
surveillance of private homes or access to information technology systems. Considering the significant weight of the interference reflected in these measures, each and
every new use of data is subject to the same justification requirements as the data
collection itself in that the new use also requires imminent danger (cf. BVerfGE 109,
279 <377, 379>) or a sufficiently specific impending danger (see above, C IV 1 b).
291
cc) These requirements for the permissibility of a change in purpose reflect a specifying consolidation of a long line of jurisprudence developed by both Senates of the
Federal Constitutional Court (cf. BVerfGE 65, 1 <45 and 46, 61 and 62>; 100, 313
<389 and 390>; 109, 279 <377>; 110, 33 <68 and 69, 73>; 120, 351 <369>; 125, 260
<333>; 130, 1 <33 and 34>; 133, 277 <372 and 373 para. 225>). It does not constitute an intensification of the standards but carefully delimits them in that it does not
apply the criterion of a hypothetical re-collection of the data in a strict manner (cf. already BVerfGE 133, 277 <374 para. 226>) but instead partially revokes former requirements with regard to the interference thresholds that determine the required
temporal proximity of the risk situation (cf. in particular BVerfGE 100, 313 <394>; 109,
279 <377>). Also giving up the requirement of a protection of comparably weighty legal interests – as suggested in one of the separate opinions – would mean that the
limits of the principle of purpose limitation as a core element of constitutional data
protection (cf. BVerfGE 65, 1 <45 and 46, 61 and 62>) would practically be rendered
obsolete with regard to security law – in particular if the requirement of a specific evidentiary basis for further investigations is at the same time held to be too strict (or at
most these limits would be limited rudimentarily to data stemming from the surveillance of private homes or remote searches).
292
II.
In light of the abovementioned standards, § 20v sec. 4 sentence 2 BKAG, which
sets out how the Federal Criminal Police Office may use data it collected itself, does
not satisfy constitutional requirements. The provision is unconstitutional.
293
1. The use of data as set out in § 20v sec. 4 sentence 2 no. 1 BKAG solely with regard to carrying out tasks to protect against threats from international terrorism is
generally compatible with constitutional requirements; however, the provision lacks a
sufficient limitation for data obtained through the surveillance of private homes and
remote searches.
294
a) Generally, the provision does not give rise to effective constitutional concerns.
295
49/71