(Apr. 25, 2013) On April 24, 2013, the Federal Constitutional Court issued a judgment in which it largely upheld the constitutionality of a German anti-terrorist database, while requiring the legislature to change a few provisions of the enabling legislation to remedy constitutional flaws in the system (docket no.1 BvR 1215/07, Federal Constitutional Court website, Press Release, Federal Constitutional Court, No. 31/2013, Counter-Terrorism Database in its Fundamental Structures Compatible with the Basic Law, but not Regarding Specific Aspects of its Design (Apr. 24, 2013)). The Court instructed the legislature to amend the relevant legislation by the end of 2014.
The antiterrorist database was created in 2007, pursuant to an Anti-Terrorist Database Act (Anti-terror Datenbankgesetz, Dec. 22, 2006, BUNDESGESETZBLATT (BGBl) I at. 3409, amended by Gesetz Feb. 28, 2008, BGBl. I at. 215, Federal Ministry of Justice website). The database has since then functioned as a fusion center into which German police and intelligence agencies of the federation and of the states, deposit data concerning suspected terrorists and from which these authorities can obtain information, mostly by being referred to the agency that provided the information, but in extreme situations also through direct access to the data. (Id.)
The Anti-Terror Database Act has long since been criticized for the scope of its operations that includes the storing of information not only on suspects but also on any of their contact persons and also for violating the principle of having firewalls between police and intelligence operations (Thomas Petri, HANDBUCH DES POLIZEIRECHTS 756 (Erhard Denninger & Frederic Rachor eds., 5th ed., 2012)). The separation between police and intelligence was introduced after World War II in occupied Germany under British influence, in order to avoid the abuses of the secret police (Gestapo) of Nazi Germany (EDWARD LITSCHFIELD ET AL., GOVERNING POSTWAR GERMANY 71 (2ND ed., 1972). It was never clarified in German legal doctrine whether this principle of separation had constitutional rank (Petri, supra).
In its April 24 decision, the Federal Constitutional Court balanced data protection concerns with the need to combat international terrorism effectively. The Court tied the desirability of limiting the exchange of data between police and intelligence agencies to the German constitutional principle of informational self-determination, which the Court had created in 1983 in the so-called Census Decision (65 ENTSCHEIDUNGEN DES BUNDESVERFASSUNGSGERICHTS 1(1983)) and which has since guaranteed the privacy of individuals. The court found, however, that the challenged Act did not violate this principle because a direct sharing of data was limited to exceptional cases (docket no.1 BvR 1215/07, supra).
Among the areas for which the Court found a need for reform is the treatment of data relating to contact persons, the treatment of information provided by undercover agents, and the requirement for oversight by data protection agencies. In addition, the Court categorically stated that the storing of data was unconstitutional if the data had been obtained in violation of constitutional guarantees of the secrecy of the mail, of telecommunications, and of the privacy of the home. (Id.)
The Federal Cabinet welcomed the decision for its preservation of a much-needed tool in combating terrorism (Eva Corell, Nach Urteil des Bundesverfassungsgerichts, Reform der Anti-Terror-Datei erst nach der Wahl, TAGESSCHAU (Apr. 24, 2013)). The reaction in the press was varied. Some viewed the decision as a deviation from the heretofore proclaimed standard of data protection as pronounced by the Court in various decisions (Thomas Darnstedt, Anti-Terror-Datei: Die grosse Datenpanscherei, SPIEGEL-ONLINE (Apr. 24, 2013)). Among these data-protective decisions is a decision of March 2, 2010, (BVerfG, 1 BvR256/08 vom 2.3.2010, Absatz-Nr. (1 – 345), Federal Constitutional Court website) in which the Court rejected the German transformation of the Data Retention Directive of the European Union (Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the Retention of Data Generated or Processed in Connection with the Provision of Publicly Available Electronic Communications Services or of Public Communications networks & amending Directive 2002/58/EC, 2006 OJ (L105) 54).