The Constitutional Court, Germany’s top court, deemed that the police and intelligence officers have unwarranted levels of access to mobile and internet user data, said Deutsche Welle. The court ruled that some regulations allowing such excessive access are unconstitutional.
According to the top court, rules surrounding the collection of “inventory data” used for investigations and fighting crime includes names and birth dates.
Such practice is ruled to violate “fundamental rights to informational self-determination and to the protection of telecommunications secrecy,” said the court in a press release.
The statement clarified that collecting info is allowed under the German constitution. However, the law says that “transmission and retrieval regulations must sufficiently limit the purposes for which the data is used.”
This means that authorities can gather information about people provided that there are regulations that will ensure that the info will be used legally and within a legal purpose.
In fact, the press release explained that the transmission and retrieval of inventory data should occur only when there is “concrete danger” and “an initial suspicion for a criminal prosecution,” as per the Senate.
The court viewed the data gathering activities of the police and investigation authorities as “excessive” as it did not have the requirements to establish legal interest.
This ruling entails that the country’s existing Telecommunications Act and other related laws will have to be amended.
Existing laws only allow the police to search for personal info during criminal investigations but with limitations. Investigators can also request additional info from telecommunication and phone companies, and hospitals and hotels.
Aside from investigations, authorities can also use personal information to address terrorism and prevent acts of terror.
The ruling was in relation to two lawsuits wanting to impose limitations on authorities’ information access. The suits asserted that changes to current laws are necessary and that access should be granted to the police only when a serious crime is involved.
One of the lawsuits claimed that the existing laws grant the police easy access to personal data on a large scale as they could get email passwords and PIN codes for mobile phones without a judge’s approval.
This practice can also give them access to users’ IP addresses, which can be considered personally identifiable information.
More than 6,000 plaintiffs signed the lawsuit, which was filed in 2013 by Patrick Breyer and Katharina Nocun of the European Pirate Party. The Party is known to fight for data protection and internet rights.