Hear ye, hear ye, you all supporters of the fundamental right of privacy – 7 out of 8 German Constitutional Justices voted to declare the data retention provisions as applied in the Telecommunications Act and in the Code on Criminal Procedure null and void!
Enough of enthusiasm, however, we can go on observing the facts some of which may prove unlikely sobering when compared to yesterday’s news titles that went around the world.
You might remember that some months ago nearly 35 000 German citizens filed a mass-complaint in which they asked the Court to abrogate the provisions on data retention.
In reviewing the complaint, the Court makes an initial statement that the Federal German Constitution would not by itself forbid the retention of telecommunications traffic data for a certain time period. However, the data retention as transposed in German legislature interfered with the fundamental right of privacy in such a manner that the legal system was previously not familiar with. Hence to avoid such interference and, similar to the Romanian Constitutional Court, the German authority uses its ruling to create a recipe to be followed by the lawmakers in future. The main point made by the Court in its ruling, is the instruction towards lawmakers to observe the so called principle of proportionality (Verhältnismäßigkeitsgrundsatz).
Under reference of the above principle, the Court distills 5 requirements that need specifically be observed when drafting the prospective laws. In particular, the Court demands
- the adoption of specific provisions relating to enhanced data security and safety which the Court views mandated by the huge amounts of data to be retained;
- to safeguard that the retained data’s direct processing shall be limited to prevent only concrete danger situations arising out of serious crimes;
- to ensure the transparency of data transfer by notifying the data subject in advance, and – where not appropriate – to subject the transfer to a respective court order and notify the data subject afterwards;
- to provide for the data subject’s legal protection amounting to, inter alia, data subject’s right to challenge the processing and transfer of their data before a court of competent jurisdiction, and – in case of breach of the above protection – to penalise such breach;
- to guarantee that indirect data processing for the purposes of IP address detection and identification, as may be the result of an enforced right of information , is not undertaken to prevent mere misdemeanours. The Court points out the importance of the latter as it states that such indirect data processing need not be subjected to a court order.
Put it all together, this long awaited ruling did hardly hit the jackpot being on stake: is the fundamental right of privacy the long expected silver bullet which is supposed to kill the vampire attempting to quench its thirst by accessing Internet users’ data? I personally read the ruling as a clear “NO”.
The Court does not really question the existence of data retention provisions. Moreover, it determines the borders of their constitutionally acceptable framing. See whether and to what extent the ruling will influence the EU member states that are still defaulting to transpone the Directive 24/2006.
Did you find this article informative, helpful or entertaining? If yes, do not forget to share it by pressing one of below buttons or to otherwise tell your friends about it!