On February 24, 2012, the German Federal Constitutional Court (Bundesverfassungsgericht) ruled that certain provisions in the Federal Telecommunications Act concerning the disclosure of telecom user data to law enforcement agencies violate the German constitution. The Court held that strict conditions apply when law enforcement authorities and intelligence agencies ask telecommunications service providers (which may include hospitals and hotels) to turn over certain user data, i.e. passwords and PIN codes.

Until now, German law enforcement authorities have had the authority to request data such as personal identification numbers or personal unlocking keys that protect access to devices or storage space on networks. The current law allows law enforcement to request such data without stating specific conditions or the legal basis for complying with such a request. According to the Court, however, because law enforcement authorities do not require this type of data to carry out their duties, the current provisions in telecommunications law allowing these requests are not “proportionate” and thus violate the constitutional right to informational self-determination.

The Court requested that the German legislature revise the relevant provisions of the German Federal Telecommunications Act by June 2013.

View a copy of the Court’s decision (in German).