D: German Federal Constitutional Court on the seizure of e-mails on Provider servers

On 16 June 2009 the Federal Constitutional Court rejected a constitutional complaint regarding the highly contentious seizure of e-mails stored on Provider servers. According to the above, seizure is permissible in cases other than investigations into serious crimes.

In the course of a criminal investigation into accusations of fraud and embezzlement in respect of third parties, the plaintiff's home was searched by order of a district court. The order also expressly included a search for e-mails. The plaintiff's e-mails had however remained on the operator's server, even after they had been read. The district court thereupon ordered the seizure of these e-mails. The e-mails were copied from the Provider and submitted to the investigating authorities.

As the Federal Constitutional Court explains in its ruling of 16 June 2009 (File ref. 2 BvR 902/06), such instructions do not breach the plaintiff's constitutional rights; nor, specifically, do they breach Article 10 ( 1) Basic Law (secrecy of telecommunications).

First, the Federal Constitutional Court states that the protection under Article 10 ( 1) Basic Law (secrecy of telecommunications) also applies to e-mails that have been read but remain on the Provider's server. Access to such e-mails pursuant to Sections 94 ff Penal Code is not, however, restricted to investigations into serious crimes. Care must be taken to ensure that no more data are collected than actually required for the investigation. This must be specified in the court order required for the seizure of the data. In addition, access is not permissible where there are factual indications that the information strictly concerns private life only. If data of this kind have been collected, they are to be deleted immediately. The inbox owner must be notified prior to any seizure.

This decision is of far-reaching importance not only for private individuals; it also affects many companies that do not have their own e-mail servers but prefer to use hosting or "freemail" services. Whereas the data are covered by the secrecy of telecommunications clause pursuant to Article 10 (1) Basic Law as long as they are stored on their servers, they are not protected against seizure and can also be inspected by investigating authorities. Ultimately, this judgment states that it does not make a difference whether the e-mails are stored on individual computers or Provider servers - seizure is permissible in both cases.

For providers this means that they are obligated, on court order, to surrender the e-mails to the criminal prosecution authorities. The corresponding court orders should however be carefully checked so as to avoid subsequently becoming the object of damages claims by customers.