D: Structure of constitutionally compliant data retention - part 2

The Federal Constitutional Court, which on 3/2/2010 declared the German data retention laws unconstitutional, also explained, in its judgment (case no. 1 Constitutional Complaint 256/08, 1 Constitutional Complaint 263/08, 1 Constitutional Complaint 586/08), the principles of a constitutionally compliant structure for data retention.

The Federal Republic of Germany still has an obligation, derived from EU Directive 2006/24/EC, to adopt a law to permit the fundamental retention of data. The question of whether this law is compliant with the constitution was addressed by the Federal Constitutional Court in its judgment.

Apart from the need for statutory clarity, the judges also perceived a particular need for regulations with regard to data security, use of data, transparency and legal protection.

1. 1. Data security
The constitutional judges deem that the legislature has an obligation, owing to the potential significance of retained data, to prescribe a compulsory and particularly high level of security.

2. Use of data
The use of data is only permissible in the case of reasonable suspicion of a criminal offense which may in some cases be serious. The elements of the criminal offense must be conclusively defined by the legislature.

In addition to this case of use, the use of data is also possible if there exists a danger to life, limb or freedom of a person, to the existence or security of the Federal Republic of Germany or a state, the above having been sufficiently documented by particular facts, or for defense against a common danger.

Even in this context, the authorization for transmission is still disproportionately high for a narrow group of telecommunication connections instructed to observe particular confidentiality.

3. Transparency in data transmission
The Court refers to the principle of openness in the collection and use of personal data. Covert data collection and use should only be permissible without the knowledge of the party in question if the purpose of use of the data would otherwise be obstructed. According to the judges, this is to be assumed as a matter of principle in the case of intelligence service observations.

In the context of criminal prosecutions, however, overt data collection and use or at least the subsequent notification of the party in question would also be taken into consideration.

4. Legal protection
In the opinion of the Supreme Court, the transmission and use of traffic data should, as a matter of principle, be subject to the requirement of a judicial decree.

With these remarks, the Constitutional Court has given the legislature an opportunity to continue to fulfill the requirements of the EU directive.

Whether such an implementation will remain necessary also depends on the future decisions of the EU Commission. In this regard, the new EU Justice Commissioner, Viviane Reding, has stated: “Data retention may restrict everyone’s fundamental right to privacy,” and announced in an interview in Der Spiegel that she wishes to look into the relationship between counter-terrorism and privacy.