The German Constitutional Court has ruled that section 113 of the German Telecommunications Act, which supports the disclosure of information by telecommunications providers to German security and intelligence agencies is unconstitutional and violates the fundamental right to privacy.
Section 113 stipulates that when asked to do so, telecommunications service providers must disclose to the German security authorities information about their users. This includes information collected as part of the contractual relationship with the customer (including date of birth and bank account information) as well as information about the customer’s use of the services, such as the customer’s dynamic IP address. Authorities may request this information when necessary for investigation or prosecution of a criminal or administrative offense, to protect public safety and public order, or to perform tasks assigned to the security agency by law.
The court’s judgment explained that disclosing subscriber information is constitutionally permissible law only where it is performed with a legal basis, for a legitimate purpose and is proportionate considering the violation of the constitutional rights adversely affected by it. increasing the effectiveness of the security authorities’ work and preventing crimes is a legitimate purpose, its implementation in the law lacks proportionality.
Per the court, the legislature is required to specify threshold requirements proportional to the expected violation of rights. For example, disclosing a person’s dynamic IP address violates that person’s right to privacy more significantly than disclosing information related to their contractual relationship with the service provider. Therefore, such disclosures can be justified only in cases of immediate danger or where factual circumstances provide specific grounds for the authority’s use of these powers.
CLICK HERE to read the German Constitutional Court’s press release.