
German Court: Laws on obtaining ISP subscriber data are unconstitutional - Quanttek
https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2020/bvg20-061.html
======
Quanttek
Summary from the press release:

> In an order published today, the First Senate of the Federal Constitutional
> Court declared unconstitutional § 113 of the Telecommunications Act
> (Telekommunikationsgesetz – TKG) and several ordinary federal laws, which
> govern the manual procedure for obtaining information on subscriber data.
> They violate the complainants’ right to informational self-determination and
> their right to the privacy of telecommunications (Art. 10(1) of the Basic
> Law (Grundgesetz – GG). The complainants are subscribers of
> telecommunications and internet services. The manual information procedure
> enables security authorities to obtain information from telecommunications
> enterprises, in particular, information on subscribers of telecommunications
> services or an IP address assigned at a certain point in time. The
> information that is provided includes personal customer data that is linked
> to the conclusion or performance of a contract (so-called subscriber data).
> Information on data that relates to the use of telecommunications services
> (so-called traffic data) and the actual content of telecommunications is not
> provided.

> In principle, providing information on subscriber data is permissible under
> constitutional law. Yet, similar to the image of a double-door, the
> legislature must create a proportionate legal basis for both the transfer of
> subscriber data by telecommunications providers and the retrieval of such
> data by the authorities. Provisions on transferring and retrieving data must
> adequately limit the purposes of the utilisation of data, particularly by
> establishing thresholds for the use of powers as part of the constituent
> elements of the provision and by providing for sufficiently meaningful
> protection of legal interests. The First Senate clarified that, in
> principle, despite the moderate weight of the interference, using the
> general powers to transfer and retrieve subscriber data in the context of
> maintaining public security and the activities of intelligence services
> requires there to be a specific danger in the individual case, and an
> initial suspicion of criminal conduct (Anfangsverdacht) in the context of
> the investigation and prosecution of offences. Where dynamic IP addresses
> are matched, this must additionally serve to protect or legally reinforce
> legal interests of at least considerable weight given the increased weight
> of the interference. Where, with regard to maintaining public security or
> activities of intelligence services, the thresholds for the use of powers
> require less than a specific danger, this must be compensated for by
> establishing stricter requirements for the weight of the legal interests
> meriting protection. For the most part, the challenged provisions did not
> satisfy these requirements. For the rest, the First Senate again held that
> information on login details may be provided only if the statutory
> requirements for its use are met.

