CEDHCASELAW;JUDGMENTS;CHAMBER;ENG23
CEDH · CASELAW;JUDGMENTS;CHAMBER;ENG — 30 janvier 2020
- ECLI
- ECLI:CE:ECHR:2020:0130JUD005000112
- Date
- 30 janvier 2020
- Publication
- 30 janvier 2020
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officielleNo violation of Article 8 - Right to respect for private and family life (Article 8-1 - Respect for private life)
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s800EAC49 { font-size:12pt } .sFE10DC93 { margin-top:0pt; margin-bottom:0pt; text-align:center } .sBB9EE52A { font-family:Arial } .s339D85E6 { margin-top:0pt; margin-bottom:14pt; text-align:center; page-break-inside:avoid; page-break-after:avoid } .s34DFC730 { margin-top:0pt; margin-bottom:0pt; text-align:center; page-break-inside:avoid; page-break-after:avoid } .s29100277 { font-family:Arial; font-weight:bold } .sA36B60A1 { font-family:Arial; font-style:italic } .s57F1263A { margin-top:0pt; margin-bottom:24pt; text-align:center; page-break-inside:avoid; page-break-after:avoid } .sEA491392 { margin-top:0pt; margin-bottom:24pt; page-break-inside:avoid; page-break-after:avoid; border:0.75pt solid #000000; padding:1pt 4pt } .s598389FB { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:14pt } .sF5E1C6CF { font-family:Arial; font-weight:bold; text-decoration:underline; color:#ff0000 } .sE208486F { font-family:Arial; color:#ff0000 } .s598389F8 { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:11pt } .s4ACA9207 { page-break-before:always; clear:both; mso-break-type:section-break } .s701081D1 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; text-align:left } .s9793A85B { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt } .sCB9E0544 { margin-top:0pt; margin-bottom:0pt; text-align:left } .sB9D5CABB { width:28.35pt; display:inline-block } .sD3B63DAD { margin-top:36pt; margin-bottom:12pt; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s79DE5897 { margin-top:18pt; margin-left:17.85pt; margin-bottom:12pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid } .sA8776625 { margin-top:18pt; margin-left:29.2pt; margin-bottom:12pt; text-indent:-17.6pt; page-break-inside:avoid; page-break-after:avoid } .sF7A86111 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .s34D46E87 { margin-top:12pt; margin-bottom:6pt; text-align:center; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s4CED6078 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:14.75pt; font-size:10pt } .sBB355983 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s4DDA3AA3 { font-family:Arial; font-weight:bold; font-style:italic } .s8C6C4B { width:7.65pt; text-indent:0pt; display:inline-block } .s157F70F2 { margin-top:0pt; margin-left:21.25pt; margin-bottom:0pt; text-indent:7.1pt; font-size:10pt } .s6DB06886 { margin-top:18pt; margin-left:14.2pt; margin-bottom:12pt; page-break-inside:avoid; page-break-after:avoid } .s72C8F48C { margin-top:12pt; margin-left:36.6pt; margin-bottom:6pt; text-indent:-15.05pt; page-break-inside:avoid; page-break-after:avoid } .sA20670C4 { margin-top:12pt; margin-left:48.75pt; margin-bottom:6pt; text-indent:-17pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sAADB120E { margin-top:6pt; margin-left:28.35pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .s59DEA84 { margin-top:12pt; margin-left:59.5pt; margin-bottom:6pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s4B8D41EE { font-family:Arial; font-size:10pt } .sB206C230 { margin-top:12pt; margin-left:68.65pt; margin-bottom:6pt; text-indent:-16.75pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s583D00FA { margin-top:0pt; margin-left:17pt; margin-bottom:0pt; text-indent:-17pt } .s32563E28 { margin-top:0pt; margin-bottom:0pt } .s4B243ECC { margin-top:12pt; margin-bottom:0pt; text-indent:14.2pt; page-break-inside:avoid; page-break-after:avoid } .sF7A4323 { margin-top:36pt; margin-bottom:0pt; text-align:left } .sF473C9B7 { width:176.62pt; display:inline-block } .s7602FED2 { width:18.21pt; display:inline-block } .sC1AC44A4 { width:228.11pt; display:inline-block } .s379BC09C { margin-top:36pt; margin-bottom:0pt; text-align:right } .s5E1364CA { margin-top:0pt; margin-bottom:12pt; text-align:center; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s6B505E72 { margin:0pt; padding-left:0pt } .s416B6923 { text-indent:14.2pt; font-family:Arial; list-style-position:inside } .sACBB7403 { width:6.79pt; font:7pt 'Times New Roman'; display:inline-block } .sFBC99493 { font-style:italic } .sBA59B8E7 { width:0.12pt; font:7pt 'Times New Roman'; display:inline-block } .s7A64F404 { text-decoration:underline }     FIFTH SECTION   CASE OF BREYER v. GERMANY (Application no. 50001/12)       JUDGMENT Art 8 • Respect for private life • Legal obligation on service providers to store personal data of users of prepaid mobile telephone SIM cards and make them available to authorities upon request • Interference concerning limited data set • Data retrieval by authorities accompanied by adequate safeguards • Impugned storage proportionate to legitimate aims of protecting national security and fighting crime STRASBOURG 30 January 2020   FINAL   07/09/2020     This judgment has become final under Article 44 § 2 of the Convention. It may be subject to editorial revision. In the case of Breyer v. Germany, The European Court of Human Rights (Fifth Section), sitting as a Chamber composed of:   Yonko Grozev, President,   Angelika Nußberger,   Síofra O’Leary,   Carlo Ranzoni,   Mārtiņš Mits,   Lәtif Hüseynov,   Lado Chanturia, judges , and Claudia Westerdiek, Section Registrar , Having deliberated in private on 3 December 2019, Delivers the following judgment, which was adopted on that date: PROCEDURE 1.     The case originated in an application (no. 50001/12) against the Federal Republic of Germany lodged with the Court under Article 34 of the Convention for the Protection of Human Rights and Fundamental Freedoms (“the Convention”) by two German nationals, Mr Patrick Breyer and Mr   Jonas Breyer (“the applicants”), on 27 July 2012. 2.     The German Government (“the Government”) were represented by their Agents, Mr H.-J. Behrens and Ms   K.   Behr of the Federal Ministry of Justice and Consumer Protection. 3.     The applicants complained under Articles 8 and 10 that, as users of prepaid mobile phone SIM cards, certain personal data had been stored by their respective service providers owing to the legal obligation provided by section 111 of the Telecommunications Act. 4.     On 21 March 2016 the Government were given notice of the application. 5.     Written submissions were received from Privacy International and ARTICLE 19, which had been granted leave by the Vice ‑ President to intervene as third parties (Article 36 § 2 of the Convention and Rule 44 § 2 of the Rules of Court). THE FACTS I.     THE CIRCUMSTANCES OF THE CASE A.     Background to the case 6.     The applicants were born in 1977 and 1982 respectively and live in Wald-Michelbach. Both applicants were involved in a civil-liberties union which campaigned against the general retention of telecommunications data. In that context both applicants organised public protests and published articles criticising State surveillance. The first applicant was also a member of the Parliament of Schleswig-Holstein. 7.     In June 2004 a legal obligation for telecommunications providers to store personal details of all their customers, even of customers where such details were not necessary for billing purposes or other contractual reasons (prepaid (“pay-as-you-go”) mobile telephone SIM cards), was introduced via amendments to the Telecommunications Act ( Telekommunikationsgesetz ). Until these amendments came into force, telecommunications service providers had been entitled solely to collect and store the data necessary for their contractual relationship. Where prepaid mobile telephone SIM cards were concerned, no such data had been considered necessary. These amendments were made in the framework of a fundamental revision of the Telecommunications Act which was felt necessary after the adoption of five EU Directives on 7 March and 12 July 2002 which had to be transposed into German Law before July and October 2003. 8.     Both applicants use prepaid mobile phone SIM cards and had to register under section 111 of the Telecommunications Act (see paragraph 27 below) certain personal details with their respective service providers when activating those SIM cards. B.     Proceedings before the Federal Constitutional Court 9.     On 13 July 2005 the applicants lodged a constitutional complaint against, amongst other provisions, sections 111, 112 and 113 of the Telecommunications Act. Section 111 of this Act introduced the obligation to collect and store the telephone numbers, the name, address and date of birth of an allocation holder and the effective date of the contract (see paragraphs 27-28 below). Sections 112 and 113 of the Telecommunications Act contained an automated and a manual procedure for accessing the data stored under section 111 (see paragraphs 29 and 31 below). The applicants argued that the above-mentioned sections violated their right to privacy of correspondence, post and telecommunications as well as their right to informational self-determination ( Recht auf informationelle Selbstbestimmung – see paragraph 25 below). 10.     Section 111 of the Telecommunications Act was amended by an Act of 21 December 2007 by which other identifiers of an allocation were included under the obligation to store subscriber data and the data to be stored were expanded to include the respective device number, in cases in which a mobile-communication end device was made available together with the mobile-communication allocation. 11.     The applicants extended their pending constitutional complaint to include the amended version of the Telecommunications Act. Consequently, the Federal Constitutional Court considered in its judgment the Telecommunications Act as in force on 1   January 2008. C.     Decision of the Federal Constitutional Court (no. 1 BvR 1299/05) 12.     On 24 January 2012 the Federal Constitutional Court decided, in so far as relevant for the present case, that sections 111 and 112 of the Telecommunications Act were compatible with the Basic Law ( Grundgesetz ), that section 113(1), sentence 1, was compatible with the Basic Law when interpreted in conformity with it, and that sections 112 and 113 required independent enabling legislation for the retrieval of data by the authorities listed or referred to therein (see paragraphs 29 and 31 below). Concerning the parts of the applicants’ constitutional complaint that are not at issue in the present proceedings, the Federal Constitutional Court held that the manual information procedure set out in section   113(1) could not be used for the assignment of dynamic IP addresses and that the security authorities could only request information on access codes under section   113(1) if the statutory requirements for their use were satisfied. 13.     It also noted that according to the federal government, the automated retrieval procedure under section 112 of the Telecommunications Act was of primary importance. Experience had shown that the number of manual retrievals carried out under section 113 of the Telecommunications Act was between 3% and 5% of the number of automated requests made under section 112 of the Telecommunications Act. 14.     As regards the relevant parts of the applicants’ constitutional complaint, the Federal Constitutional Court first held that the provisions being challenged interfered with the right to informational self-determination. It further stated (as translated into English on the Federal Constitutional Court’s website; references to the court’s jurisprudence have been omitted in the quotes below) as follows: “122.   a)     The right to informational self-determination takes account of endangerments and violations of personality which arise in the conditions of modern data processing from information-related measures. The free development of personality presupposes the protection of the individual against unrestricted collection, storage, use and transmission of the individual’s personal data. This protection is therefore covered by the fundamental right of Article 2(1) in conjunction with Article 1(1) of the Basic Law. In this respect, the fundamental right guarantees the authority of the individual in principle himself or herself to decide on the disclosure and use of his or her personal data. The guarantee of the fundamental right takes effect in particular when the development of personality is endangered by government authorities using and combining personal information in a manner which persons affected can neither fully appreciate nor control. The extent of protection of the right to informational self-determination is not restricted to information which by its very nature is sensitive and for this reason alone is constitutionally protected. In view of the possibilities of processing and combining, there is no item of personal data which is in itself, that is, regardless of the context of its use, insignificant. In particular, the protection of informational self-determination also includes personal information on the procedure by which telecommunications services are provided. 123.     Provisions which give authority for government authorities to deal with personal data as a rule create a number of encroachments which build on each other. In this respect, a distinction must in particular be made between the collection, storage and use of data. In legislating for data exchange for the purpose of the performance of government duties, however, a distinction must also be made between data transfer by the party supplying the information and data retrieval by the agency seeking the information. A data exchange takes place through the encroachments of retrieval and transfer, which correspond to each other and each of which requires an independent legal basis. Figuratively speaking, the legislature must open not only the door for the transmission of data, but also the door for their retrieval. It is only both legal bases together, which must operate together like a double door, which give authority to exchange personal data. This does not exclude – subject to the system of competencies and the requirements of clear drafting – the possibility of both legal bases being contained in one provision. 124.   b)     The challenged provisions encroach upon the complainants’ fundamental right to informational self-determination. Firstly, there are encroachments upon the duty of collection and storage of [section   111 of the Telecommunications Act]. There are independent further encroachments upon fundamental rights by the duty of service providers laid down in [section   112(1) of the Telecommunications Act] to make the data available as customer databases which can be accessed in an automated procedure and by the authority of the Federal Network Agency to retrieve these data and to transmit them to particular authorities (see [section   112(4) of the Telecommunications Act]). Accordingly, [section   113(1), sentences 1 and 2, of the Telecommunications Act] create independent encroachments upon fundamental rights by imposing on the telecommunications service providers a duty to provide information on demand with regard to the data stored by themselves. 125.     Finally, [sections   112 and   113 of the Telecommunications Act] are subject to prior retrieval of the data by the authorities entitled to retrieve, in the form of a request ([sections   112(1), 112(2) and 112(4) of the Telecommunications Act]) or a demand ([section   113(1) of the Telecommunications Act]); this constitutes an independent encroachment which must be distinguished from the foregoing. But under the legislature’s legislative concept, this also requires a further legal basis, which must be contained in federal or Land legislation, depending on the area involved. The provisions of [sections   112 and 113 of the Telecommunications Act] – corresponding to the distinction between collection and transmission in the legislative typology of the data protection Acts – are to be understood solely as the legal basis for the transmission. They presuppose that the authorities entitled to receive information have independent powers of collection ...” 15.     In connection with section 111 of the Telecommunications Act the Federal Constitutional Court held that the obligation to maintain a database for subscriber information pursued the legitimate aim of, in particular, criminal prosecution. Even though the database constituted a precautionary collection and storage of a great range of data and criminal offenders would still be able to circumvent the provision by using telecommunications services anonymously, under false names or with mobile-telephone cards acquired from third parties, the interference with the right to informational self-determination was ultimately justified owing to the relatively restricted nature of the information stored. 16.     Concerning proportionality, the Federal Constitutional Court stated, inter alia : “136.     [Section 111 of the Telecommunications Act] does not violate the requirements of proportionality in the narrow sense. Even if the provision orders a precautionary collection and storage, without occasion, of a great range of telecommunications data, in view of the relatively restricted information content of the collected data this is an encroachment of limited weight. 137.     However, the encroachment is non-trivial. It has weight in so far as [section   111 of the Telecommunications Act] makes it possible to attribute telecommunications numbers and subscribers almost completely for all telecommunications services and for this purpose individualising data such as address, date of birth and date when the contract commences are recorded and kept available by the government. The data form a general basis for information and fulfil the function of a telecommunications number register. As a rule, they make it possible to obtain all the telecommunication numbers of any person; conversely, virtually every telecommunications event for which a telecommunications number is determined may also be attributed to a connection and thus to a subscriber. As data which relate to the fundamental elements of telecommunications events they are therefore associated with particularly protected information relationships whose confidentiality is essential for a free order. In addition, the corresponding data are collected and stored without cause by way of precaution in order to make them available for the performance of government duties. 138.     Nevertheless, the encroachment constituted by this is not of very great weight. In particular, the fact that the data are collected by way of precaution does not give the procedure a very great weight. For even if [section 111 of the Telecommunications Act] has a great range, the encroachment is restricted in substance to narrowly restricted data which in themselves give no evidence as to the specific activities of individuals and whose use the legislature has restricted to purposes defined in more detail. In such cases, even a precautionary storage is not automatically a particularly serious encroachment for the mere reason that it is carried out without occasion. Admittedly, the precautionary storage of data must always remain an exception to the rule and needs to be justified. But it is not excluded from the outset that precautionary data collections may be justified as the basis of the performance of a variety of government duties, such as are currently familiar in the form of the register of residents or, in the field of motor vehicles, in the form of the Central Vehicle Register ... and the Central Register of Driving Licences ... 139.     The data covered by [section 111 of the Telecommunications Act] have limited probative value. They merely make it possible for telecommunications numbers to be individually attributed to the respective subscribers and thus to those numbers’ potential (and typical) users. These data contain no more detailed private information. In a fundamentally different way than in the case of precautionary storage of all telecommunications traffic data, neither do these data as such contain highly personal information, nor is it possible to use them to create personality profiles or track users’ movements. ... 140.     Nor does a particular weight of the encroachment result from the fact that the data of [section 111 of the Telecommunications Act], taken in context, permit individual telecommunications events known to the authorities to be attributed and thus in certain circumstances make it possible to obtain individualised knowledge of their circumstances or their content. For in this way all that is made possible from the outset is the investigation of individual events where required by a specific case. In these cases, the authority already knows the circumstances or the content of the telecommunications event which is to be individualised with the data of [section 111 of the Telecommunications Act], whether because the authority has found them by investigation within its own competence – for example on the basis of § 100g of the Code of Criminal Procedure ... – involving encroachment upon the secrecy of telecommunications, whether because it has learnt of them through its own observations or from third-party information without such an encroachment. In the same way, conversely, no particular weight of the encroachment results from the fact that a retrieval of telecommunications numbers may be followed by further measures which in certain circumstances may entail serious encroachments, including encroachments upon the secrecy of telecommunications. For such further encroachments are only permissible under independent legal bases, which must take account of the weight of the encroachment in question. 141.     The possibility of attribution of the data collected in [section 111 of the Telecommunications Act] serves the effective performance of the duties of the authorities defined in more detail in the provisions on use. It is constitutionally justified by the fact that the State may have a legitimate interest in successfully investigating particular telecommunications events if occasion arises, and this interest in the performance of particular tasks may have considerable weight, in individual cases even pre-eminent weight. It may not be cited in opposition to this that direct communication without means of telecommunications has no comparable encroachments. For the situation in that case is different. Because direct communication does not resort to technical means of communication which make it possible, without public observation, to interact over any distance in real time, it has no comparable basis, nor is there a comparable necessity for such a register. The traditional powers of investigation, for example the examination of witnesses or the seizure of documents, are more useful for clarification here than they are with regard to communication by means of electronic services. However, it is correct that even the possibilities of the modern means of telecommunications provide no justification for registering, if possible, all activities of citizens by way of precaution and making them basically reconstructible in this way. But there is no question of this when a register of telecommunications numbers is established, even when account is taken of the interaction with other available data.” 17.     With regard to section 112 of the Telecommunications Act, the Federal Constitutional Court clarified (paragraph 144) that this provision “governs the use of the data stored under [section 111 of the Telecommunications Act] in the form of an automated information procedure in which the Federal Network Agency [ Bundesnetzagentur ] is to transmit the data on request to particular authorities named in [section 112(2) of the Telecommunications Act]. The provision is the legal basis only for the duty to make the data available as customer databases, for access to and transmission of these data, but not also for the retrieval in the form of a request from the authorities entitled to receive information.” However, according to the court, a general entitlement to collect data could be sufficient for a request by the entitled authorities. In this connection the court used the analogy of a double door (see paragraph 123, cited in paragraph 14 above), stating that, while section 112 of the Telecommunications Act opened the door for transmission, it did not open the door for data collection by the specialised authorities. 18.     Nonetheless, the Federal Constitutional Court held that – for several reasons   – the interference provided for by section 112 of the Telecommunications Act was considerably weighty: “156.     However, the provision acquires a considerable weight of encroachment from the fact that [section 111 of the Telecommunications Act] very much simplifies data retrievals. The procedure, which is centrally organised and automated, permits an access which largely removes practical difficulties of data collection and makes the data of the persons affected available without delay or attrition in the form of requirements of review. In addition, the information is given without telecommunications enterprises or other third parties becoming aware of this. Admittedly, the fact that the issuing of information is not noticed by the telecommunications enterprise ensures discretion for the persons whose data are involved; but at the same time, this means that the encroachments lack the effects of restraint and control which are entailed by observation by third parties. In addition, a legal review by the Federal Network Agency, which transmits the data, is only made if there is a particular occasion for this (see [section 112(4), sentence 2, of the Telecommunications Act ]). Since the retrieving authority does not have to give reasons for its request, however, such an occasion will scarcely ever arise. 157.     Weight also attaches to the fact that the legislature has drafted the purposes of the data very broadly. The data may generally be transmitted to the authorities named in [section 112(2) of the Telecommunications Act] for the performance of their statutory duties. This is restricted only for the law enforcement authorities under [section 112(2), no. 2, of the Telecommunications Act], and under [section 112(2), nos. 3 and 7, of that Act] for the customs authorities named there. But it is important in this connection that data may be issued to the former, under [section 112 of the Telecommunications Act], only for purposes of warding off danger, which excludes mere risk precaution. In connection with the respective duties of the authorities entitled to retrieve, the information duties of the Federal Network Agency are also not very restricted. In particular, there are no strict encroachment thresholds in the statute; instead, the duty of information is opened in full to the respective competence of the authorities. However, the fact that information may only be given in so far as it is necessary for the performance of the duty does create an objectively limiting factor. This ensures that retrievals are not casually permitted for mere guidance in advance but only when information actually needed for the performance of duties cannot be obtained more easily but equally effectively in another way. ... 163.     However, [section 112 of the Telecommunications Act] does not in fact restrict information to retrievals which are legitimised by specific legal bases relating to the automated information procedure, but also accepts requests which are based on simple powers of data collection. As a result, there is no requirement on the non ‑ constitutional level for the entitled authorities to be expressly specified over and above [section 112(2) of the Telecommunications Act] and for further conditions for data retrieval which are to be observed. ...” 19.     The Federal Constitutional Court nevertheless concluded that section   112 of the Telecommunications Act was proportionate: “155.     [Section 112 of the Telecommunications Act] satisfies the requirements of the principle of proportionality. The provision serves to increase the effectiveness of the performance of their duties by the authorities named in [section 112(2) of the Telecommunications Act] and it is suitable and necessary for this. It is also proportionate in the narrow sense. ... 158 .     Despite the fact that the weight of the encroachment is considerable, the provision is proportionate. The authorities entitled to retrieve are at least limited in number. The purposes for which they are given information under [section 112(2) of the Telecommunications Act] are central duties relating to the guarantee of security. In view of the increasing importance of electronic means of communication and the concomitant changes of human communication behaviour in all areas of life, the authorities here depend to a great extent on a possibility which is as uncomplicated as possible of being able to attribute telecommunications numbers individually. In this respect, it is a decision of the legislature which is constitutionally unobjectionable if it permits the transmission of these data in order to investigate criminal offences and dangers, to observe developments which endanger the Constitution in order for the government and the public to be informed or to give assistance in emergencies. Because such investigations must often be carried out rapidly and without the knowledge of those affected, an automated information procedure is of particular importance for them. Increasing the effectiveness of the work of the courts is also a concern whose weight is supported by such a provision. 159 .     The limited probative value of the data is of central importance for the weighing of interests: They provide information solely on the attribution of individual telecommunications numbers to their subscriber. Even if, in specific collection contexts, sensitive information may result from them, the information content of this information as such remains limited and in addition depends on further investigations whose lawfulness is to be evaluated under different provisions. ... 163.     ... Since the subject here is the transmission of data by an authority and the substantive conditions for this, including those with regard to the persons whose data are involved, are laid down definitively and with sufficient clarity [in section   112 of the Telecommunications Act], then, taking account of the limited weight of encroachment of the provision, this is compatible with the principle of proportionality and corresponds to the structure of the provisions on the automated retrieval of vehicle and vehicle owner data from the vehicle register ... and the provision on data transmission in the law relating to the registration of residents ... . Admittedly, this does not change the responsibility of the legislature – and in this connection, where applicable, of the Länder – for the constitutional formulation of the data collection provisions, which are not themselves the subject of the present proceedings. ...” In addition, the court emphasised the responsibility of the public authorities to apply these provisions in such a way that specific account was taken of the requirements of section 112(1) and (2) of the Telecommunications Act and in particular of the requirement that collection had to be necessary even in an individual case, and of the further requirements of the principle of proportionality. 20.     In respect of section 113 of the Telecommunications Act, the Constitutional Court held that the provision could only be understood as a release provision and that an additional legal basis for the retrieval of data by the authorities was required. The court also noted that there was no limitation regarding the requesting authority – except in relation to the authorities’ duties – and that the purposes for data retrieval were stated in broad terms. It concluded, nonetheless, that, in view of the information from the data in question, which in itself was limited, and their great importance for an effective performance of duties, the reach of this provision was constitutionally unobjectionable. 21.     The Federal Constitutional Court stated, inter alia : “176.     However, [section 113(1), sentence 1, of the Telecommunications Act] opens the manual information procedure very wide. It permits information for the purpose of warding off dangers, prosecuting criminal offences or regulatory offences and performing intelligence duties. In this connection, the provision is also given no specific thresholds of encroachment which define its scope in more detail. Instead, it always permits information in the individual case if this is necessary to perform the above duties. 177.     However, in view of the information content of the data in question, which in itself is limited, and their great importance for an effective performance of duties, the reach of this provision is constitutionally unobjectionable. In this connection, account must be taken of the fact that it by no means permits information to be given indiscriminately. On the contrary, there is a restrictive effect in the fact that information under [section 113(1), sentence 1, of the Telecommunications Act is] called for in the individual case and must be necessary. In relation to warding off danger, which the legislature has expressly not defined as including risk precaution, a prudent interpretation reveals that a ‘concrete danger’ within the meaning of the ‘general clauses’ [ Generalklauseln ] of police law is a requirement for such information. Admittedly, this threshold is low and also admits the suspicion of dangers. Equally, it does not in advance restrict information to persons endangering public security within the meaning of general police and regulatory law. However, this does not relieve it from restriction to such an extent as to be disproportionate in view of its limited weight of encroachment. In particular it does not enable information as a general means for lawful administrative enforcement, but in the individual case it requires the duty in question to have a security-law character. It is true that in regard to the intelligence services, which in general act in advance, irrespective of concrete dangers, there is no comparable threshold of encroachment. But this is justified by the restricted duties of the intelligence services, which are not directly aimed at police measures, but only at a duty to provide reports to the politically responsible State bodies or to the public. Apart from this, it follows here too from the requirement of necessity in the individual case that information under [section 113(1), sentence 1, of the Telecommunications Act] must be required in order to successfully investigate a particular action or group which requires observation by the security authorities. In so far as information relates to the prosecution of criminal offences and regulatory offences, the requirement of necessity in an individual case means that there must at least be an initial suspicion. 178.     Taken together, these thresholds are not high, but they are constitutionally acceptable. In this connection, it must be taken into account in comparison to [section   112 of the Telecommunications Act] that a manual information procedure entails certain procedural efforts on the part of the retrieving authority, which is likely to encourage the authority to obtain the information only where it is sufficiently needed.” 22.     Regarding legal remedies against information requests under sections 112 and 113 of the Telecommunications Act, the Federal Constitutional Court held: “186.     ... Nor are there objections to the fact that in view of the slightness of the encroachment no specific proceedings of legal redress are intended against information under [sections 112 and 113 of the Telecommunications Act]. Legal redress in this connection may be sought under general rules – in particular together with legal redress proceedings against the final decisions of the authorities. 187 .     The requirements of the principle of proportionality do not give rise to a blanket requirement for the persons affected by the information to be notified of the information under [sections 112 and 113 of the Telecommunications Act], ...” 23.     In its decision the Federal Constitutional Court established that 26.6   million data sets – either subscriber identity or telephone number – had been queried in 2008 under section 112 of the Telecommunications Act. That figure did not differentiate between data sets relating to pay-as-you-go mobile-telephone users and other customers. II.     RELEVANT DOMESTIC LAW AND PRACTICE A.     The Basic Law 24.     The provisions of the Basic Law, in so far as relevant for the present case, read: Article 1 “1.     Human dignity shall be inviolable. To respect and protect it shall be the duty of all State authority. ...” Article 2 “1.     Every person shall have the right to free development of his personality in so far as he does not violate the rights of others or offend against the constitutional order or the moral law. ...” Article 10 “1.     The privacy of correspondence, post and telecommunications shall be inviolable. 2.     Restrictions may be ordered only pursuant to a law. If the restriction serves to protect the free democratic basic order or the existence or security of the Federation or of a Land , the law may provide that the person affected shall not be informed of the restriction and that recourse to the courts shall be replaced by a review of the case by agencies and auxiliary agencies appointed by the legislature.” 25.     In its judgment of 15 December 1983 (nos. 1 BvR 209, 269, 362, 420, 440, 484/83) the Federal Constitutional Court established the right to informational self-determination and held: “In the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his or her personal data is encompassed by the right to protection of personality rights under Article 2 § 1 in conjunction with Article 1 of the Basic Law. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his or her personal data.” 26.     In its judgment of 2 March 2010 (nos. 1 BvR 256, 586, 263/08) the Federal Constitutional Court decided upon the constitutionality of provisions transposing EU Directive 2006/24/EC (see paragraphs 49-50 below) into German law (sections 113a and 113b of the Telecommunications Act and Article 100g of the Code of Criminal Procedure), which obliged service providers to store for a limited time (six months) all traffic data of telephone services and allowed the use of such data in the context of criminal prosecutions. The court declared section 113a of the Telecommunications Act (obligation to store) unconstitutional and void, owing to a violation of the right to protection of the secrecy of telecommunications. It held that a duty of storage to the extent provided was not automatically unconstitutional at the outset. However, it was not structured in a manner adapted to the principle of proportionality. The challenged provisions guaranteed neither adequate data security nor an adequate restriction of the purposes of use of the data. Nor did they in every respect satisfy the constitutional requirements of transparency and legal protection. B.     Telecommunications Act 27.     Section 111 of the Telecommunications Act obliges service providers to collect and store certain personal data of their customers. It thereby creates the basis for information requests under sections 112 and 113 of the Telecommunications Act. It read, at the relevant time and in so far as relevant, as follows: “(1)     Any person commercially providing or assisting in providing telecommunications services and in so doing allocating telephone numbers or providing telecommunications connections for telephone numbers allocated by other parties or other identifiers of the respective allocation, is, for the information procedures under sections 112 and 113, to collect, prior to activation, and store without undue delay: 1.     The telephone numbers and other identifiers of the respective allocation; 2.     The name and address of the allocation holder; 3.     The date of birth in the case of natural persons; 4.     In the case of fixed lines, additionally the address for the line; 5.     In cases in which a mobile-communication end device is made available together with the mobile-communication allocation, also the device number of the device in question, as well as; 6.     The effective date of the contract. Even if such data are not necessary for operational purposes; where known, the date of termination of the contract is likewise to be stored. Sentence 1 also applies where the data are not included in directories of subscribers. ... A person with obligations under sentence 1 or sentence 3 receiving notice of any changes is to correct the data without undue delay; in this connection the person with obligations under sentence 1 is subsequently to collect and store data not yet recorded if collecting the data is possible with no special effort. The manner in which data for the information-retrieval procedure provided for under section 113 are stored is optional. (2)     Where the service provider in accordance with subsection (1), sentence 1 or sentence 3, operates in conjunction with a sales partner, such a partner shall collect data according to subsection (1), sentences 1 and 3, under the pre-requisites set out therein and shall transmit to the service provider, without undue delay, these and other data collected under section 95; subsection (1), sentence 2, applies accordingly. Sentence 1 also applies to data relating to changes, inasmuch as the sales partner receives notice of them in the course of normal business transactions. (3)     Data within the meaning of subsection (1), sentence 1 or sentence 3, need not be collected subsequently for contractual relationships existing on the date of entry into force of this provision, save in the cases referred to in subsection (1), sentence 4. (4)     The data are to be erased upon expiry of the calendar year following the year in which the contractual relationship ended. ...” 28.     In July 2016 section 111 of the Telecommunications Act was amended and an obligation for service providers to verify prior to collection the personal data of the mobile-telephone user was included. Presentation of an identity card, a passport or other official identity document is required when the data are being registered initially. The amendment had been considered necessary to further restrict the possibilities available for circumventing the obligations laid down in section 111 of the Telecommunications Act. According to the preparatory work of the amendment (Publication of the Federal Parliament ( Bundestagsdrucksache ) no.   18/8702, p. 22), a considerable amount of false data had been found in the telecommunications providers’ databases, which had the character of a mass phenomenon. Requests of the relevant authorities pursuant to sections 112 and 113 of the Telecommunications Act had therefore in many procedures not resulted in useful information being provided. A constitutional complaint challenging the compatibility of this amendment with the Basic Law is currently pending before the Federal Constitutional Court (no.   1   BvR 1713/17). 29.     Section 112 of the Telecommunications Act sets out an automated procedure for the data stored under section 111 of the Telecommunications Act. In accordance with this procedure, providers of telecommunications services must supply the data in such a way that they can be retrieved by the Federal Network Agency without the knowledge of the providers. Moreover, the possibility of data retrieval using incomplete search data or a search with a similarity function must be provided. The relevant parts of section 112 of the Telecommunications Act read at the relevant time: “(1)     Any person providing publicly available telecommunications services shall store, without undue delay, data collected under section 111(1), sentences 1, 3 and 4, and subsection (2) in customer data files .... The obligated person shall ensure that: 1.     the Federal Network Agency is enabled, at all times, to retrieve data from customer data files by way of automation within Germany; 2.     data can be retrieved using incomplete search data or searches made by means of a similarity function. The obligated person and his agent are to ensure by technical and organisational measures that no retrievals can come to their notice. The Federal Network Agency may retrieve data from customer databases only to the extent that knowledge of the data is necessary: 1.     in order to prosecute administrative offences under the present Act or under the Unfair Competition Act [ Gesetz gegen den unlauteren Wettbewerb ]; 2.     in order to process requests for information lodged by the bodies set out in subsection (2). The requesting body shall verify without undue delay to what extent it needs the data transmitted in response to its request and shall erase any data it does not need without undue delay; this shall also apply to the Federal Network Agency regarding the retrieval of data in accordance with sentence 7, no. 1. (2)     Information from the customer data files according to subsection (1) shall be provided to: 1.     the courts and criminal prosecution authorities; 2.     Federal and Land law-enforcement authorities for purposes of averting danger; 3.     the Customs Criminal Investigations Office [ Zollkriminalamt ] and customs investigation offices [ Zollfahndungsämter ] for criminal proceedings and the Customs Criminal Investigations Office for the preparation and execution of measures under section 23a of the Customs Investigation Service Act [ Zollfahndungsdienstgesetz ]; 4.     Federal and Land offices for the protection of the Constitution, the Federal Armed Forces Counter-Intelligence Office, and the Federal Intelligence Service; 5.     the emergency service centres under section 108 and the service centre for the maritime mobile emergency number ‘124   124’; 6.     the Federal Financial Supervisory Authority; and 7.     the authorities of the customs administration for the purposes listed in section   2(1) of the Undeclared Work Act [ Schwarzarbeitsbekämpfungsgesetz ] via central enquiries offices as stipulated in subsection (4), at all times, as far as such information is needed to discharge their legal functions and the requests are submitted to the Federal Network Agency by means of automated procedures. ... (4)     At the request of the authorities referred to in subsection (2), the Federal Network Agency is to retrieve and transmit to the requesting authority the relevant data sets from the customer data files in accordance with subsection (1). It shall examine the admissibility of the transmission only where there is special reason to do so. Responsibility for such admissibility lies with: 1.     the Federal Network Agency, in the cases governed by subsection (1), sentence   7, no. 1; and 2.     the bodies set out in subsection (2), in the cases of subsection (1), sentence 7, no.   2. For purposes of data-protection supervision by the competent body, the Federal Network Agency shall record, for each retrieval, the time, the data used in the process of retrieval, the data retrieved, information clearly identifying the person retrieving the data, as well as the requesting authority, its reference number, and information clearly identifying the person requesting the data. Use for any other purposes of data recorded is not permitted. Data recorded are to be erased after a period of one year. ...” 30.     In June 2017 a regulation was issued concerning the automatic retrieval procedure under section 112 of the Telecommunications Act. This subscriber data information regulation ( Kundendatenauskunftsverordnung ) describes in more detail the possibilities of requesting information based on the address, name or telephone number of subscribers and outlines the required information to be provided for the requested search. In addition, it regulates searches based on incomplete data and searches made by means of a similarity function. The regulation was accompanied by a technical directive, setting the technical standards for the searches and for communication betCitations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;JUDGMENTS;CHAMBER;ENG
- Formation
- 23
- Date
- 30 janvier 2020
- Matière
- droits fondamentaux
Référence
ECLI:CE:ECHR:2020:0130JUD005000112
Données disponibles
- Texte intégral